New Malware Wiping Data On Computers In Iran
L3sPau1 writes "Iran's computer emergency response team is reporting new malware targeting computers in the country that is wiping data from partitions D through I. It is set to launch on only particular dates. 'Clearly, the attacker was trying to think ahead. After trying to delete all the files on a particular partition the malware runs chkdsk on said partition. I assume the attacker is trying to make the loss of all files look like a software or hardware failure. Next to these BAT2EXE files there's also a 16-bit SLEEP file, which is not malicious. 16-bit files don't actually run on 64-bit versions of Windows. This immediately gives away the malware's presence on an x64 machine.' While there has been other data-wiping malware targeting Iran and other Middle East countries such as Wiper and Shamoon, researchers said there is no immediate connection."
A better attack would be to randomly change a few numbers on whatever spreadsheets can be written to. Then make sure to set the "last updated" date time back to the original.
It will take a few months longer for real damage to be noticed but by that time it will be too widespread and have infected too many spreadsheets.
If it is even noticed as a "virus".
Indeed - I remember nearly 20 years ago the categories of damage that a computer virus could do:
Wiping the hard disk = "Minor" (if you have a backup, then recover from the backup)
Random bit swaps in data files = "Catastrophic" (undetected for long enough that even on a long backup cycle, they are all infected. Worse than that, subtly corrupted files are far harder to correct than merely deleted ones)
"She's furniture with a pulse"
And many of the Linux server boxes are mapped by Windows clients as, say, P:. A Windows user infected with write privileges can wipe the share drive. Wiping share drives seems to be the goal.
The truth shall set you free!
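The summary's observation that a 16-bit file stands out on an x64 machine can be turned into a triage check. The following is an added example, not part of the original story or comments: it classifies executables by their MZ/NE/PE headers so 16-bit binaries can be flagged on 64-bit Windows hosts. The sample file names and bytes are constructed for illustration.

```python
import struct

# Optional-header magic values that distinguish 32-bit from 64-bit PE images.
PE_MAGIC = {0x10B: "pe32", 0x20B: "pe32+"}


def classify_executable(data: bytes) -> str:
    """Return 'dos16', 'ne16', 'pe32', 'pe32+', 'pe-unknown' or 'not-mz'."""
    if data[:2] not in (b"MZ", b"ZM"):
        return "not-mz"
    if len(data) < 0x40:
        return "dos16"  # too short to hold e_lfanew: plain DOS program
    # e_lfanew (offset 0x3C) points at the newer header, if there is one.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    sig = data[e_lfanew:e_lfanew + 4]  # empty if the offset is out of range
    if sig == b"PE\0\0":
        # Magic follows the 4-byte signature and the 20-byte COFF header.
        if len(data) < e_lfanew + 26:
            return "pe-unknown"
        (magic,) = struct.unpack_from("<H", data, e_lfanew + 24)
        return PE_MAGIC.get(magic, "pe-unknown")
    if sig[:2] == b"NE":
        return "ne16"  # 16-bit Windows "New Executable"
    return "dos16"  # MZ header with no recognised newer header


def sixteen_bit_files(files: dict) -> list:
    """Names of files that cannot run natively on 64-bit Windows."""
    return sorted(n for n, d in files.items()
                  if classify_executable(d) in ("dos16", "ne16"))


def _mz(e_lfanew: int, tail: bytes = b"") -> bytes:
    """Build a minimal 64-byte MZ header (constructed test data)."""
    return b"MZ" + bytes(0x3A) + struct.pack("<I", e_lfanew) + tail


# Constructed samples: hypothetical names, header bytes only.
SAMPLES = {
    "dos_tool.exe": _mz(0),
    "win16_app.exe": _mz(0x40, b"NE" + bytes(62)),
    "native64.exe": _mz(0x40, b"PE\0\0" + struct.pack("<H", 0x8664)
                        + bytes(18) + struct.pack("<H", 0x20B)),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, classify_executable(blob))
    print("16-bit on x64:", sixteen_bit_files(SAMPLES))
```

Headerless DOS `.COM` programs carry no MZ signature and are reported as `not-mz`, so they need a separate check by extension or origin.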