New Malware Wiping Data On Computers In Iran
L3sPau1 writes "Iran's computer emergency response team is reporting new malware targeting computers in the country that is wiping data from partitions D through I. It is set to launch on only particular dates. 'Clearly, the attacker was trying to think ahead. After trying to delete all the files on a particular partition the malware runs chkdsk on said partition. I assume the attacker is trying to make the loss of all files look like a software or hardware failure. Next to these BAT2EXE files there's also a 16-bit SLEEP file, which is not malicious. 16-bit files don't actually run on 64-bit versions of Windows. This immediately gives away the malware's presence on an x64 machine.' While there has been other data-wiping malware targeting Iran and other Middle East countries such as Wiper and Shamoon, researchers said there is no immediate connection."
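The quoted observation that a 16-bit binary cannot execute on 64-bit Windows is a usable triage heuristic: on an x64 host, a 16-bit MS-DOS or Win16 (NE) executable sitting next to freshly dropped files is an oddity worth a look. The following is an added example, not code from the CERT report or from the researchers quoted above, that classifies a binary from its MZ/NE/PE headers and flags the ones that are inert on x64. The sample byte blobs and file names are constructed here for the demonstration; they are not the real SLEEP or BAT2EXE files.

```python
"""Flag 16-bit executables (MS-DOS or Win16 'NE') that cannot run on
64-bit Windows. Added example; header layout per the MS-DOS/PE specs."""
import os
import struct
from typing import Dict, List, Optional


def classify_executable(data: bytes) -> str:
    """Return 'not-mz', 'dos16', 'ne16', 'le', 'pe32', 'pe32+' or 'pe-unknown'."""
    # Every DOS/Windows executable starts with the 'MZ' signature and has a
    # 64-byte DOS header; anything shorter or without 'MZ' is not one.
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "not-mz"
    # e_lfanew (offset 0x3C) points at the newer header, if there is one.
    # Plain MS-DOS programs usually leave it 0 (or pointing inside the DOS header).
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew < 0x40 or e_lfanew + 4 > len(data):
        return "dos16"
    sig = data[e_lfanew:e_lfanew + 4]
    if sig == b"PE\0\0":
        # COFF header is 20 bytes; the optional header magic follows it and
        # distinguishes PE32 (0x10B, 32-bit) from PE32+ (0x20B, 64-bit).
        opt_off = e_lfanew + 4 + 20
        if opt_off + 2 <= len(data):
            magic = struct.unpack_from("<H", data, opt_off)[0]
            if magic == 0x20B:
                return "pe32+"
            if magic == 0x10B:
                return "pe32"
        return "pe-unknown"
    if sig[:2] == b"NE":      # 16-bit Windows (Win16) executable
        return "ne16"
    if sig[:2] in (b"LE", b"LX"):  # OS/2 / VxD style, also not x64-runnable
        return "le"
    return "dos16"


def is_inert_on_x64(kind: str) -> bool:
    """16-bit code has no loader on 64-bit Windows (NTVDM is 32-bit only)."""
    return kind in ("dos16", "ne16", "le")


def flag_inert_binaries(samples: Dict[str, bytes]) -> List[str]:
    """Names of blobs that are executables but cannot run on x64."""
    return [name for name, blob in samples.items()
            if is_inert_on_x64(classify_executable(blob))]


def scan_directory(root: str) -> List[str]:
    """Walk a tree and return paths of 16-bit executables (reads 256 bytes each)."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(256)
            except OSError:
                continue
            if is_inert_on_x64(classify_executable(head)):
                hits.append(path)
    return hits


def _mz(ext_sig: Optional[bytes], opt_magic: Optional[int] = None) -> bytes:
    """Build a minimal constructed header: MZ stub plus an optional extended header."""
    buf = bytearray(0x60)
    buf[0:2] = b"MZ"
    if ext_sig is not None:
        struct.pack_into("<I", buf, 0x3C, 0x40)          # e_lfanew -> 0x40
        buf[0x40:0x40 + len(ext_sig)] = ext_sig
        if opt_magic is not None:
            struct.pack_into("<H", buf, 0x40 + 24, opt_magic)
    return bytes(buf)


# Constructed samples (not the real files from the report):
SAMPLES: Dict[str, bytes] = {
    "sleep16.exe": _mz(b"NE"),              # Win16 helper: inert on x64
    "wiper32.exe": _mz(b"PE\0\0", 0x10B),   # 32-bit PE, e.g. a BAT2EXE output
    "tool64.exe": _mz(b"PE\0\0", 0x20B),    # native 64-bit PE
    "olddos.exe": _mz(None),                # plain MS-DOS program
    "elf.bin": b"\x7fELF" + b"\0" * 92,     # not a Windows executable at all
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:12s} {classify_executable(blob)}")
    print("inert on x64:", flag_inert_binaries(SAMPLES))
```

The classifier only reads headers, so it is cheap to run across a whole volume, but it is a hunting lead rather than a verdict: the wiper itself was described as BAT2EXE output, an ordinary 32-bit PE, so this check finds the companion 16-bit file, not the wiper. Legitimate leftovers from old installers will also trip it.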
But my D drive got wiped!
Too busy fucking camels and staring at ankle porn to install an AV suite?
wiping data from partitions D through I
Thank God I hid all my porn on C drive!
The old drone shaped USB drive trick always works!
...it's fairly clever to target partitions that aren't the OS partition. I didn't read the article, but if it's targeting all entries mapped on D:-I: then that could be network shares, flash memory, external hard disks, internal extra hard disks, and possibly even files awaiting burn to disc, and with the OS left untouched would not raise suspicion as quickly.
Do not look into laser with remaining eye.
Well it seems like Iran has become the testing ground for the new weaponized computer arms race.
Or the US just writes new viruses that take advantage of Linux/Linux applications' vulnerabilities. Hackers' lack of interest won't save you now.
No, they'll just start writing more Linux trojans.
The US Government is full of Linux and Unix machines. You're a moron.
" Iran switches operations to Linux to evade these viruses."
You mean 2013 is the year of Linux on Iranian desktops?
I've never written a batch file over 64k before to warrant such extravagant conversion (Unless you count the REMs)
Kudos.
Why do I picture a guy frantically photoshopping Windows Explorer screenshots to show that there's still data on the D drive?
I want to delete my account but Slashdot doesn't allow it.
We're not talking about what figureheads and regulators push on public agencies and office drones, we're talking about the IC. The government, and particularly the agencies that engage in things like offensive cyber attacks and malware creation, uses plenty of *nix systems. If you can create something like Stuxnet, you can rewrite a basic data-wiping program for a different OS - especially if that OS is usually run without any antivirus software that might actually catch that program.
yet we're going to give a free pass to an OS used by a nation of terrorists?
Yes. Now stop being an idiot.
1. Iran realizes all these viruses are made for Windows. 2. Iran switches operations to Linux to evade these viruses. 3. US spies learn this and report back that Iran is using Linux. 4. OMG OHNOEZ TEH LINUX IS TEH ENEMIES OF FREEEEEEDOMZ AND DIMMOCRASY ARREST THE TERRYRISTS USING ALL THE LINUXES!!!
5. Iran realizes all their software is made for Windows and won't run on Linux. 6. Iran switches back.
I thought we all agreed that any predictions after 21 December 2012 were futile? ...I think I covered it all now...
Don't you know? We got a beowulf cluster of Mayans with frikkin lasers on their heads (bought wit bitcoins, operated by RaspPi's) is hurtling our way to destroy us all...
Wait...
Wait...
Just a second...
YUP!!!
rm -rf --no-preserve-root /
No they really don't.
They just outsource it (malware creation) anyway, to the same guys who tell them that it's a good idea to dump money on buying that service. It's a good business plan.
Of course, though, Linux installations rarely autostart something on a drive found on the street and so forth, but they're targeting Windows because their SCADA etc. systems run Windows. And yeah, it would be much harder to target a random Linux or BSD version, but they're not going to run it on random Linux or BSD as long as their industrial control software is controlled from Windows applications.
They could of course write their own industrial control software. Why they don't is a mystery, since it's the only sensible choice if you're building something you're dumping tens of thousands of man-hours on.
world was created 5 seconds before this post as it is.
I can't say this is a bad thing... Hopefully it eats their backups too.
Why isn't this bad?
What possible good can come from attacking innocent people?
While we have no way of knowing who is behind these attacks... With the increase in attacks, targeting and seriousness of the recent attacks we've seen, one could fear that this is state-sponsored terrorism. In which case I suppose it wouldn't be unreasonable to suspect that Israel and maybe the US could be involved.
Any way you put it, this isn't open, declared and honest warfare; it's more like terrorism (with no regard for collateral damage).
Personally, I don't think it's suitable for democracies to conduct secret attacks on anybody. I'm confident my country doesn't do it, but well aware that our allies, such as the US, have a long reputation of such hostilities... And I suppose sometimes it can be justified, but is it really necessary these days, the cold war is over.
At the end of the day, it all comes down to the following question:
What possible hope is there of peaceful development, democracy, arab spring and political improvement in Iran if they truly are under attack?
If anything, this will make Iranians more disconnected from independent media, less able to organize and help the authorities convince the people that everybody wants to harm Iran.
Think we can all agree that internet and information technology is the best catalyst for democracy.
You call it malware.
I call it a black ops program using my US tax dollars to attack Iran's nuclear weapons program.
Potato. Tater.
Same diff.
-- Tigger warning: This post may contain tiggers! --
Should have stored their files on the SkyDrive. How could that possibly be compromised, I mean it's in a freaking cloud!
If you reorganize the disk after the delete, things like File Recovery Pro do not bring the data back. A simple delete can be easily reversed with many over-the-counter tools if the area of the disk has not been written to.
I am about to attack Iran's Linux computers. I need a little help, though, with the documentation. Could someone please translate this into Persian for me?
1. Iran realizes all these viruses are made for Windows.
2. Iran switches operations to Linux to evade these viruses.
3. US spies learn this and report back that Iran is using Linux.
4. OMG OHNOEZ TEH LINUX IS TEH ENEMIES OF FREEEEEEDOMZ AND DIMMOCRASY ARREST THE TERRYRISTS USING ALL THE LINUXES!!!
5. Iran switches to Apples 'iNuke' app.
Then you've never worked in the DoD.
So it was written by a tween? From 1989?
I browse on +1 so ACs need not respond, I won't see it.
Sophos covered this on their Naked Security blog today. Iran is going off the deep end with this one. The attack could have been written by a 5th grader and contains nothing that is targeted at Iran. Sophos noted that it is amateur compared to Stuxnet, Flame, and the other one widely considered to be written with Iran specifically in mind. Apparently it was a slow day at Iran's CERT.
And many of the Linux server boxes are mapped by Windows clients as say P:. A Windows user infected with write privileges can wipe the share drive. Wiping share drives seems to be the goal.
The truth shall set you free!
That was a result of a compromised login/password, not a trojan.
Not really.
I can completely see Linux going on a DHS list similar to: http://publicintelligence.net/dhs-fbi-suspicious-hotel-guests/
Most (10 of 19) of those apply to me for work (and some for vacation). I can't possibly be that unique of a business traveler (I imagine a large percentage of the people I work with are similar).
And yes, if seeing Linux when checking my laptop at security (it's been a while since I've been somewhere that required me to turn it on though) rose suspicion, I'd be on that list too.
Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
Netcraft confirms it.
Mind the Gap
Yes, it was due to a Trojan.
Linux Organization officials discovered on Aug. 28 that attackers had installed a Trojan and opened a backdoor into kernel.org servers on Aug. 12
Fail.
"You mean 2013 is the year of Linux on Iranian desktops?"
Jihadix? MullahTux?
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
"How do you say Geek Squad in Farsi?"
Let's send them Geek Squad personnel to help.
As if installing the Pahlevis wasn't enough of an insult...
yes because no one in iran could possibly write new software
---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
Lucky I keep all my data on drives A and B.
Excuse me while I change disks.
Please ask yourself the question "how did they gain access to the servers?". Then please read the article again. Then ask yourself again "how did they gain access to the servers?".
Then realize that the article doesn't specify how initial access was gained. Finally, please come back here and apologize for your failure.
"Jihadix?"
No, that's the Muslim friend of Asterix and Obelix.
Wish I had mod points.
"Hello, IT... Have you tried turning it off and on again? Yeah... No problem."
It's easier to buy stuff than build your own... Especially when you have lots of oil money to throw at it...
... and especially when you can just pirate it.
They got a trojan installed and opened a backdoor.
a b c d e f g, h i j k lmnop