New Malware Wiping Data On Computers In Iran

← Back to Stories (view on slashdot.org)

New Malware Wiping Data On Computers In Iran

Posted by Soulskill on Tuesday December 18, 2012 @09:35AM from the cyberwar-continues dept.

L3sPau1 writes "Iran's computer emergency response team is reporting new malware targeting computers in the country that is wiping data from partitions D through I. It is set to launch on only particular dates. 'Clearly, the attacker was trying to think ahead. After trying to delete all the files on a particular partition the malware runs chkdsk on said partition. I assume the attacker is trying to make the loss of all files look like a software or hardware failure. Next to these BAT2EXE files there's also a 16-bit SLEEP file, which is not malicious. 16-bit files don't actually run on 64-bit versions of Windows. This immediately gives away the malware's presence on a x64 machine.' While there has been other data-wiping malware targeting Iran and other Middle East countries such as Wiper and Shamoon, researchers said there is no immediate connection."

95 comments

Min score:

Reason:

Sort:

I tried to go for a frosty by Anonymous Coward · 2012-12-18 09:39 · Score: 0

But my D drive got wiped!
1. Re:I tried to go for a frosty by Anonymous Coward · 2012-12-18 11:48 · Score: 0
  
  Which OS does this malware run on again?
2. Re:I tried to go for a frosty by BrokenHalo · 2012-12-18 21:34 · Score: 1
  
  Which OS does this malware run on again?
  DOS 3.1.
LOL arabs by Anonymous Coward · 2012-12-18 09:40 · Score: 0, Troll

Too busy fucking camels and staring at ankle porn to install an AV suite?
1. Re:LOL arabs by Anonymous Coward · 2012-12-18 09:42 · Score: -1
  
  you don't know the 1/2 of it good sir.
2. Re:LOL arabs by Anonymous Coward · 2012-12-18 09:47 · Score: 2, Funny
  
  There was no holocaust...there are no homosexuals in Iran...Israel doesn't exists....We are....FUCK another computer just vanished off the internet. We are so fucked right now. What's our exchange rate? Quick..sell some oil...right..sanctions...Fuck! Fuck fuck FUCK!
  Stay frosty.
3. Re:LOL arabs by K.+S.+Kyosuke · 2012-12-18 09:52 · Score: 1
  
  Too busy fucking camels and staring at ankle porn to install an AV suite?
  Quite possible, only in this case it would be *Persians* watching ankle porn of Arabs fucking camels, if you're really so insistent on pulling nationalities into the debate.
  
  --
  Ezekiel 23:20
4. Re:LOL arabs by Anonymous Coward · 2012-12-18 10:10 · Score: -1
  
  You mean ethnicity, right?
  Also, successful troll is successful. I was waiting for the frothing at the mouth "But dey is teh persians not a-rabs!!" response.
5. Re:LOL arabs by Anonymous Coward · 2012-12-18 10:18 · Score: -1, Troll
  
  Typical american views on Iran
6. Re:LOL arabs by Anonymous Coward · 2012-12-18 10:29 · Score: -1
  
  chkdsk complete!
  There was no Iran.
7. Re:LOL arabs by Anonymous Coward · 2012-12-18 10:31 · Score: 0
  
  Typical world views on americans.
  why do you assume the poster is american?
8. Re:LOL arabs by Anonymous Coward · 2012-12-18 10:39 · Score: -1
  
  Too busy fucking camels and staring at ankle porn to install an AV suite?
  Quite possible, only in this case it would be *Persians* watching ankle porn of Arabs fucking camels, if you're really so insistent on pulling nationalities into the debate.
  So.... you're saying there's a difference between "Persians" and "Arabs"? I'm calling bullshit.
9. Re:LOL arabs by Anonymous Coward · 2012-12-18 10:46 · Score: -1
  
  Maybe someone should just hack an EMP warheaded missile and detonate it above Iran. That sounds a lot faster than this BS, lol.
10. Re:LOL arabs by gl4ss · 2012-12-18 11:15 · Score: 0
  
  Typical world views on americans.
  why do you assume the poster is american?
  an european would have laughed at iranians smuggling porn by pack-asses over the mountains.
  face it, Iran isn't exactly a socialist heaven. neither was ussr. plenty of asshats liked to think so just to spite the western establishment though.
  
  --
  world was created 5 seconds before this post as it is.
11. Re:LOL arabs by Anonymous Coward · 2012-12-18 12:37 · Score: 0
  
  Yeah yeah, EMPs aren't magic data erasing bombs.
  Hard drives are shielded 2 or 3 times even in consumer grade computers.
12. Re:LOL arabs by Anonymous Coward · 2012-12-18 15:07 · Score: 1
  
  There was no holocaust...there are no homosexuals in Iran...Israel doesn't exists....We are....FUCK another computer just vanished off the internet. We are so fucked right now. What's our exchange rate? Quick..sell some oil...right..sanctions...Fuck! Fuck fuck FUCK!
  Stay frosty.
  
  Typical american views on Iran
  
  Typical world views on americans.
  why do you assume the poster is american?
  
  an european would have laughed at iranians smuggling porn by pack-asses over the mountains.
  face it, Iran isn't exactly a socialist heaven. neither was ussr. plenty of asshats liked to think so just to spite the western establishment though.
  where the fuck does porn and socialism enter into the question?
13. Re:LOL arabs by Anonymous Coward · 2012-12-18 17:29 · Score: 0
  
  why do you assume the poster is american?
  Uh, because:
  1) Principally American demographic here.
  2) Use of the phrase "stay frosty"
  3) Typical American views on Iran
14. Re:LOL arabs by Anonymous Coward · 2012-12-18 18:04 · Score: 0
  
  Also:
  4) Believes Iranians are Arabs...
15. Re:LOL arabs by fredrated · 2012-12-19 01:27 · Score: 1
  
  What's the matter, your ass hurt?
16. Re:LOL arabs by SleazyRidr · 2012-12-19 02:37 · Score: 1
  
  face it, Iran isn't exactly a socialist heaven. neither was ussr. plenty of asshats liked to think so just to spite the western establishment though.
  Compared to the libertarian paradise of Somalia?
  
  --
  Is 1563649 a prime number?
17. Re:LOL arabs by K.+S.+Kyosuke · 2012-12-19 09:04 · Score: 1
  
  Actually, no, I did it for the joke in it.
  
  --
  Ezekiel 23:20
Ironically good news for factory windows installs by WWJohnBrowningDo · 2012-12-18 09:40 · Score: 4, Funny

wiping data from partitions D through I
Thank God I hid all my porn on C drive!
Ahhh by stackOVFL · 2012-12-18 09:46 · Score: 5, Funny

The old drone shaped USB drive trick always works!
1. Re:Ahhh by mjwx · 2012-12-18 15:57 · Score: 1
  
  The old drone shaped USB drive trick
  That's the third time I've fallen for that this week.
  
  --
  Calling someone a "hater" only means you can not rationally rebut their argument.
Next news articles: by Anonymous Coward · 2012-12-18 09:47 · Score: -1

1. Iran realizes all these viruses are made for Windows.
2. Iran switches operations to Linux to evade these viruses.
3. US spies learn this and report back that Iran is using Linux.
4. OMG OHNOEZ TEH LINUX IS TEH ENEMIES OF FREEEEEEDOMZ AND DIMMOCRASY ARREST THE TERRYRISTS USING ALL THE LINUXES!!!
1. Re:Next news articles: by Anonymous Coward · 2012-12-18 10:03 · Score: 0
  
  Or the US just writes new viruses that take advantage of Linux/Linux application's vulnerabilities. Hackers lack of interest won't save you now.
2. Re:Next news articles: by Anonymous Coward · 2012-12-18 10:06 · Score: -1
  
  Or the US just writes new viruses that take advantage of Linux/Linux application's vulnerabilities. Hackers lack of interest won't save you now.
  You're implying the US has the drive or wherewithal to learn a new OS in that matter, rather than take the lazy, more controlling option of scare tactics to terrorize everyone into agreeing with them for easier results? Wow. There's apparently been a major shift in Slashdot recently if the general faith in the US's talents has been restored. Go USA!
3. Re:Next news articles: by Desler · 2012-12-18 10:13 · Score: 2
  
  No, they'll just start writing more Linux trojans.
4. Re:Next news articles: by Desler · 2012-12-18 10:14 · Score: 3, Insightful
  
  The US Government is full of Linux and Unix machines. You're a moron.
5. Re:Next news articles: by nospam007 · 2012-12-18 10:16 · Score: 4, Funny
  
  " Iran switches operations to Linux to evade these viruses."
  You mean 2013 is the year of Linux on Iranian desktops?
6. Re:Next news articles: by Anonymous Coward · 2012-12-18 10:25 · Score: 0
  
  We're not talking about what figureheads and regulators push on public agencies and office drones, we're talking about the IC. The government, and particularly the agencies that engage in things like offensive cyber attacks and malware creation, uses plenty of *nix systems. If you can create something like Stuxnet, you can rewrite a basic data-wiping program for a different OS - especially if that OS is usually run without any antivirus software that might actually catch that program.
7. Re:Next news articles: by Anonymous Coward · 2012-12-18 10:26 · Score: -1
  
  The US Government is full of Linux and Unix machines. You're a moron.
  The US Government is also full of shoes, and it's been full of shoes for one hell of a lot longer than it's been full of Linux and Unix machines. Yet all it took was one dipshit trying (and failing!) to blow up a plane with them, and now we've got another step in the already-ludicrous TSA line in any airport in the country (and any airport flying into the country). Are you trying to tell me that US enforcement of paranoia and protection is so utterly and miserably inconsistent such that all footwear is now subject to government scrutiny and suspicion due to the actions of one terrorist, yet we're going to give a free pass to an OS used by a nation of terrorists?
8. Re:Next news articles: by Desler · 2012-12-18 10:28 · Score: 1
  
  yet we're going to give a free pass to an OS used by a nation of terrorists?
  Yes. Now stop being an idiot.
9. Re:Next news articles: by kelemvor4 · 2012-12-18 10:44 · Score: 1
  
  1. Iran realizes all these viruses are made for Windows. 2. Iran switches operations to Linux to evade these viruses. 3. US spies learn this and report back that Iran is using Linux. 4. OMG OHNOEZ TEH LINUX IS TEH ENEMIES OF FREEEEEEDOMZ AND DIMMOCRASY ARREST THE TERRYRISTS USING ALL THE LINUXES!!!
  5. Iran realizes all their software is made for windows and won't run on Linux. 6. Iran switches back.
10. Re:Next news articles: by Razgorov+Prikazka · 2012-12-18 10:59 · Score: 0
  
  I thought we all agreed that any predictions after 21 December 2012 were futile?
  Don't you know? We got a beowulf cluster of Mayans with frikkin lasers on their heads (bought wit bitcoins, operated by RaspPi's) is hurtling our way to destroy us all...
  Wait...
  Wait...
  Just a second...
  YUP!!! ...I think I covered it all now...
  
  --
  rm -rf --no-preserve-root / ...and let /dev/null sort them out...
11. Re:Next news articles: by Anonymous Coward · 2012-12-18 11:08 · Score: 0
  
  No they really don't.
12. Re:Next news articles: by gl4ss · 2012-12-18 11:10 · Score: 3, Insightful
  
  they just outsource it(malware creation) anyways. to the same guys who tell them that it's a good idea to dump money on buying that service. it's a good business plan.
  of course though, linux installations rarely autostart something on a drive found on the street and so forth.. but they're targetting windows because their scada etc systems run windows. and yeah it would be much harder to target a random linux or bsd version. but they're not going to run it on random linux or bsd as long as their industrial control sw is controlled form windows applications.
  they could of course write their own industrial control sw. why they don't is a mystery, since it's the only sensible choice if you're building something you're dumping tens of thousands of manpower on.
  
  --
  world was created 5 seconds before this post as it is.
13. Re:Next news articles: by Anonymous Coward · 2012-12-18 11:47 · Score: 0
  
  I am about to attack Iran's Linux computers. I need a little help, though, with the documentation. Could someone please translate this into Persian for me?
  
  After downloading your malware, go to your download directory and type "chmod +x malware.sh". To use this malware to its full capabilities, remember to type "sudo ./malware.sh" and then type your password carefully (case matters!). Failure to follow these directions will result in the malware either failing to run, or not having write access to your partitions. People who try to use this malware without following the directions, will be mocked hatefully when they ask for help. So follow the directions, dimwit!
14. Re:Next news articles: by drkim · 2012-12-18 11:48 · Score: 1
  
  1. Iran realizes all these viruses are made for Windows.
  2. Iran switches operations to Linux to evade these viruses.
  3. US spies learn this and report back that Iran is using Linux.
  4. OMG OHNOEZ TEH LINUX IS TEH ENEMIES OF FREEEEEEDOMZ AND DIMMOCRASY ARREST THE TERRYRISTS USING ALL THE LINUXES!!!
  5. Iran switches to Apples 'iNuke' app.
15. Re:Next news articles: by Desler · 2012-12-18 12:00 · Score: 1
  
  Then you've never worked in the DoD.
16. Re:Next news articles: by Anonymous Coward · 2012-12-18 12:14 · Score: 1
  
  That was a result of a compromised login/password, not a trojan.
17. Re:Next news articles: by AvitarX · 2012-12-18 13:07 · Score: 1
  
  Not really.
  I can completely see Linux going on a DHS list similar to: http://publicintelligence.net/dhs-fbi-suspicious-hotel-guests/
  Most (10 of 19) of those apply to me for work (and some for vacation). I can't possibly be that unique of a business traveler (I imagine a large percentage of the people I work with are similar).
  And yes, if seeing Linux when checking my laptop at security (it's been a while since I've been somewhere that required me to turn it on though) rose suspicion, I'd be on that list too.
  
  --
  Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
18. Re:Next news articles: by Eric+S.+Smith · 2012-12-18 13:14 · Score: 1
  
  Netcraft confirms it.
  
  --
  Mind the Gap
19. Re:Next news articles: by Desler · 2012-12-18 14:35 · Score: 0
  
  Yes, it was due to a Trojan.
  
  Linux Organization officials discovered on Aug. 28 that attackers had installed a Trojan and opened a backdoor into kernel.org servers on Aug. 12
  Fail.
20. Re:Next news articles: by couchslug · 2012-12-18 14:56 · Score: 1
  
  "You mean 2013 is the year of Linux on Iranian desktops?"
  Jihadix? MullahTux?
  
  --
  "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
21. Re:Next news articles: by lister+king+of+smeg · 2012-12-18 15:38 · Score: 1
  
  yes because no one in iran could possibly write new software
  
  --
  ---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
22. Re:Next news articles: by Anonymous Coward · 2012-12-18 21:22 · Score: 1
  
  Please ask yourself the question "how did they gain access to the servers?". Then please read the article again. Then ask yourself again "how did they gain access to the servers?".
  Then realize that the article doesn't specify how initial access was gained. Finally, please come back here and apologize for your failure.
23. Re:Next news articles: by Anonymous Coward · 2012-12-18 22:07 · Score: 0
  
  "Jihadix?"
  No, that's the Muslim friend of Asterix and Obelix.
24. Re:Next news articles: by filmorris · 2012-12-18 22:20 · Score: 1
  
  Wish I had mod points.
  
  --
  "Hello, IT... Have you tried turning it off and on again? Yeah... No problem."
25. Re:Next news articles: by Anonymous Coward · 2012-12-19 02:01 · Score: 0
  
  It easier to buy stuff than build your own... Esp when you have lots of oil money to throw at it...
26. Re:Next news articles: by kyrsjo · 2012-12-19 02:55 · Score: 1
  
  ... and especially when you can just pirate it.
27. Re:Next news articles: by Desler · 2012-12-19 05:11 · Score: 1
  
  They got a trojan installed and opened a backdoor.
All the jokes aside... by TWX · 2012-12-18 09:49 · Score: 3, Insightful

...it's fairly clever to target partitions that aren't the OS partition. I didn't read the article, but if it's targeting all entries mapped on D:-I: then that could be network shares, flash memory, external hard disks, internal extra hard disks, and possibly even files awaiting burn to disc, and with the OS left untouched would not raise suspicion as quickly.

--
Do not look into laser with remaining eye.
1. Re:All the jokes aside... by Anonymous Coward · 2012-12-18 09:53 · Score: 0
  
  I seriously doubt it can "wipe" a network share via UNC path. Maybe del *.*, but that will be bound by NTFS permissions.
2. Re:All the jokes aside... by Anonymous Coward · 2012-12-18 09:58 · Score: 0
  
  Indeed... and you know how lazy Windows admins are. I'm sure everyone is running with Domain Admin privileges.
3. Re:All the jokes aside... by khasim · 2012-12-18 10:05 · Score: 3, Interesting
  
  A better attack would be to randomly change a few numbers on whatever spreadsheets can be written to. Then make sure to set the "last updated" date time back to the original.
  It will take a few months longer for real damage to be noticed but by that time it will be too widespread and have infected too many spreadsheets.
  If it is even noticed as a "virus".
4. Re:All the jokes aside... by oodaloop · 2012-12-18 10:34 · Score: 5, Funny
  
  Why don't you just let people fuck up their own spreadsheets the old fashioned way - through stupidity and laziness? Why does every task need to be automated?
  
  --
  Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
5. Re:All the jokes aside... by BeerCat · 2012-12-18 10:55 · Score: 4, Interesting
  
  Indeed - I remember nearly 20 years ago the categories of damage that a computer virus could do:
  Wiping the hard disk = "Minor" (if you have a backup, then recover from the backup)
  Random bit swaps in data files = "Catastrophic" (undetected for long enough that even on a long backup cycle, they are all infected. Worse than that, subtly corrupted files are far harder to correct than merely deleted ones)
  
  --
  "She's furniture with a pulse"
6. Re:All the jokes aside... by Anonymous Coward · 2012-12-18 11:09 · Score: 0
  
  There was at least one macro virus that did exactly that.
7. Re:All the jokes aside... by Anonymous Coward · 2012-12-18 11:55 · Score: 0
  
  Maybe this is being done and Iran hasn't discovered it yet!
8. Re:All the jokes aside... by Provocateur · 2012-12-18 12:40 · Score: 2
  
  through stupidity and laziness
  You left out VBscript.
  Oh, wait...
  
  --
  WARNING: Smartphones have side effects--most of them undocumented.
9. Re:All the jokes aside... by richlv · 2012-12-18 15:52 · Score: 1
  
  well, one joke still stands. what the fuck are "partitions D through I" ?
  none of the partition table i can set up seems to use anything like that...
  yeah, yeah, i'm complaining about an extremely low level of quality of a slashdot article. and no, original source being crap in that area is no excuse :)
  
  --
  Rich
10. Re:All the jokes aside... by Anonymous Coward · 2012-12-18 17:26 · Score: 0
  
  I'm sure everyone is running with Domain Admin privileges.
  Ehh, it's easier that way.
11. Re:All the jokes aside... by grep+-v+'.*'+* · 2012-12-19 08:09 · Score: 1
  
  A better attack would be to randomly change a few numbers on whatever spreadsheets can be written to. Then make sure to set the "last updated" date time back to the original.
  Reminds me of an old dBase virus under MS-DOS. If you got it, it would slowly (over many months) corrupt the data in your files while keeping a hidden list of changes. As you read a corrupted record, it would temporary repair it so everything seemed A-OK.
  
  Then one fine day it would commit suicide taking it's delta with it, leaving you the corrupted file and months of corrupted backups.
  
  First one like that I had seen; I thought it was ingenious.
  
  --
  If the universe is someone's simulation -- does that mean the stars are just stuck pixels?
12. Re:All the jokes aside... by Unequivocal · 2012-12-19 08:42 · Score: 1
  
  Lost in the operator game.. The original article talks about *drives* D through I on a Windows machine. Some idiot (appears to be Michael Mimoso) decided that "partition" is a more pro-sounding synonym for "drive" and started using both interchangeably in the article from OP. So we are all left scratching our heads. The point I think is that the thing tries to destroy data on network and attached storage devices, rather than wiping C drive which would give itself away much more quickly..
Just a test by Anonymous Coward · 2012-12-18 09:56 · Score: 1

Well it seems like Iran has become the testing ground for the new weaponized computer arms race.
I can't say this is a bad thing by eld101 · 2012-12-18 10:13 · Score: -1, Flamebait

I can't say this is a bad thing... Hopefully it eats their backups too.
bat2exe ? by zacherynuk · 2012-12-18 10:17 · Score: 1

I've never written a batch file over 64k before to warrant such extravagant conversion (Unless you count the REMs)
Kudos.
Iran has a CERT? by Gothmolly · 2012-12-18 10:24 · Score: 4, Funny

Why do I picture a guy frantically photoshopping Windows Explorer screenshots to show that there's still data on the D drive?

--
I want to delete my account but Slashdot doesn't allow it.
1. Re:Iran has a CERT? by volxdragon · 2012-12-18 13:41 · Score: 0
  
  Thanks! I now have beer all over my desk.... Oh to still have mod points...
FILTHY J00Z by Anonymous Coward · 2012-12-18 11:01 · Score: -1

The fucking Jooz strike again. If they can't steal it and rent it back to you? They shit all over it, so its no good to anyone.
So in response Iran creates its own internet and.. by 3seas · 2012-12-18 11:09 · Score: -1, Troll

none of the rest of the world has access.
This way the rest oif the world can be fooled to think Iran is evil. You know no outside communication to prove otherwise.
Internet is the best catalyst for democracy by jopsen · 2012-12-18 11:16 · Score: 2, Interesting

I can't say this is a bad thing... Hopefully it eats their backups too.
Why isn't this bad?
What possible good can come from attacking innocent people?

While we have no way of knowing who is behind these attacks... With the increase in attacks, targeting and seriousness of the recent attacks we've seen, one could fear that this is state sponsored terrorism. In which case I supose it wouldn't be unreasonable to suspect that Israel and maybe the US could be involved.
Anyway, you put it, this isn't open declared and honest warfare, it's more like terrorism (with no regards for collateral damage).

Personally, I don't think it's suitable for democracies to conduct secret attacks on anybody. I'm confident my country doesn't do it, but well aware that our allies, such as the US, have a long reputation of such hostilities... And I suppose sometimes it can be justified, but is it really necessary these days, the cold war is over.

At the end of the day, it all comes down to the following question:
What possible hope is there of peaceful development, democracy, arab spring and political improvement in Iran if they truly are under attack?
If anything, this will make Iranians more disconnected from independent media, less able to organize and help the authorities convince the people that everybody wants to harm Iran.
Think we can all agree that internet and information technology is the best catalyst for democracy.
1. Re:Internet is the best catalyst for democracy by fnj · 2012-12-18 14:08 · Score: 2
  
  ARAB spring in a PERSIAN nation? I'll assume you're kidding because the alternative is you're ignorant.
  Also I think that as TERRORISM nuisance hacks against computers is seriously devaluing the term. I seriously doubt anybody in Iran is TERRIFIED of this nuisance.
2. Re:Internet is the best catalyst for democracy by Anonymous Coward · 2012-12-18 14:59 · Score: -1
  
  No, having half an internet controlled by the state is worse than none at all. Nothing is worse for democracy in a place like Iran than allowing the populace to become apathetic because their government is not constantly grinding them underfoot. The best thing we could do is keep up the pressure as high as possible. Make the iranian government constantly crack down restrict and otherwise piss off its people, that way they have a reason to fight. Keep up the good work state sponsored cyber warfare!!
3. Re:Internet is the best catalyst for democracy by cpghost · 2012-12-19 01:06 · Score: 1
  
  What possible hope is there of peaceful development, democracy, arab spring and political improvement in Iran if they truly are under attack?
  What makes you think that the so called "arab spring" which is really an "islamist winter" is about democracy? But save for that, you're right: Iran's society is undergoing a big transformation right now, and if attacked, that would slow down the inevitable downfall of their clerical system... which would be sad.
  
  --
  cpghost at Cordula's Web.
4. Re:Internet is the best catalyst for democracy by jopsen · 2012-12-19 02:39 · Score: 1
  
  ARAB spring in a PERSIAN nation? I'll assume you're kidding because the alternative is you're ignorant.
  That's quite possible, I don't claim to be a middle east expert.
  And yes, you're probably right, calling hacks for terrorism might be more of a stretch than what is good :)
  (Sorry about that)
  
  Nevertheless, I maintain that if you want to resolve conflicts by force, then at the very least you ought to have the decency and integrity to be honest about it.
5. Re:Internet is the best catalyst for democracy by jopsen · 2012-12-19 02:45 · Score: 1
  
  Make the iranian government constantly crack down restrict and otherwise piss off its people, that way they have a reason to fight.
  But who will they fight? I believe history have shown that when you attack a country it only brings them closer together.
  
  Keep up the good work state sponsored cyber warfare!!
  I wonder how skynet started...
You call it malware by WillAffleckUW · 2012-12-18 11:39 · Score: 2, Interesting

You call it malware.
I call it a black ops program using my US tax dollars to attack Iran's nuclear weapons program.
Potato. Tater.
Same diff.

--
-- Tigger warning: This post may contain tiggers! --
1. Re:You call it malware by pclminion · 2012-12-18 12:30 · Score: 1
  
  A government funded cyber campaign based on BAT2EXE and 16-bit code? Which doesn't even work effectively? If your goal is actually to destroy files, and you are a nation state, then you understand that simply deleting the files using the "del" command is not actually going to destroy any data. (I have no evidence that "del" was used, but hey, they ain't releasing the binary for me to analyze.)
  If this was perpetrated by a nation state, then it must be meant as some kind of weird psy-op to confuse the shit out of people. I think chances are better that it was written by an idiot.
2. Re:You call it malware by WillAffleckUW · 2012-12-18 12:59 · Score: 1
  
  Unless it was a delivery vehicle that destroyed its traces.
  I used to write those back in the 80s. One code to deliver. One code to clean up. Then it looks like it was only the latter.
  
  --
  -- Tigger warning: This post may contain tiggers! --
3. Re:You call it malware by Anonymous Coward · 2012-12-18 13:08 · Score: 0
  
  I think chances are better that it was written by an idiot.
  So yeah, American or Israeli government obviously.
4. Re:You call it malware by Jeremi · 2012-12-18 14:16 · Score: 1
  
  I call it a black ops program using my US tax dollars to attack Iran's nuclear weapons program.
  If you want, but when something wipes out all the files on your computer, be sure to refer to it as "someone attacking the USA's nuclear weapons program". Sauce for the gander and all that.
  
  --
  
  I don't care if it's 90,000 hectares. That lake was not my doing.
Serves them right by Anonymous Coward · 2012-12-18 11:44 · Score: 0

Should have stored their files on the SkyDrive. How could that possibly be compromised, I mean it's in a freaking cloud!
Your theory on the running of chkdsk. by Anonymous Coward · 2012-12-18 11:47 · Score: 0

After trying to delete all the files on a particular partition the malware runs chkdsk on said partition. I assume the attacker is trying to make the loss of all files look like a software or hardware failure.
If you reorganize the disk after the delet,e things like File Recovery Pro do not bring the data back. A simple delete can be easily reversed with many over the counter tools if the area of the disk has not been written to.
1. Re:Your theory on the running of chkdsk. by Anonymous Coward · 2012-12-19 15:20 · Score: 0
  
  Right, everyone knows that you run defrag or chkdsk if you've deleted files that you don't want undelete to find. Makes me wonder about the credentials of "Roel, Kaspersky Lab Expert".
BAT2EXE?? by EvilSS · 2012-12-18 12:09 · Score: 1

So it was written by a tween? From 1989?

--
I browse on +1 so AC's need not respond, I won't see it.
1. Re:BAT2EXE?? by gandhi_2 · 2012-12-18 18:34 · Score: 1
  
  Ahh yes.
  I remember a semi-nude Vanna White .gif file, gif2exe, and a jr high school labs shared autoexec.bat file....
  Those were the days. In full dithered, grainy awesomeness.
  
  --
  THL phish sticks
Iran is paranoid by Anonymous Coward · 2012-12-18 12:09 · Score: 3, Insightful

Sophos covered this on their Naked Security blog today. Iran is going off the deep end with this one. The attack could have been written by a 5th grader and contains nothing that is targeted at Iran. Sophos noted that it is amateur compared to Stuxnet, Flame, and the other one widely considered to be written with Iran specifically in mind. Apparently it was a slow day at Iran's CERT.
1. Re:Iran is paranoid by lister+king+of+smeg · 2012-12-18 15:53 · Score: 1
  
  if it is confined to iran it sounds to me like a domestic attacker, seeing how much hell he can cause while only hitting 32(or 16bit but if their nuclear program is running on 16bit windows it truly pity them as the latest they could have would be what 98SE?) bit targets
  
  --
  ---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
Re:Linux server - Windows client - Mapped drive by Technician · 2012-12-18 12:14 · Score: 3, Interesting

And many of the Linux server boxes are mapped by Windows clients as say P:. A Windows user infected with write privileges can wipe the share drive. Wiping share drives seems to be the goal.

--
The truth shall set you free!
Iran's computer emergency response team? by Anonymous Coward · 2012-12-18 12:27 · Score: -1

How do you say Geek Squad in Farsi?
1. Re:Iran's computer emergency response team? by couchslug · 2012-12-18 15:00 · Score: 1
  
  "How do you say Geek Squad in Farsi?"
  Let's send them Geek Squad personnel to help.
  As if installing the Pahlevis wasn't enough of an insult...
  
  --
  "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
I'm safe by Anonymous Coward · 2012-12-18 17:24 · Score: 0

Lucky i keep all my data on drive A and B.
Excuse me while i change disks.
P is not in the range of D through I by Anonymous Coward · 2012-12-19 15:23 · Score: 0

a b c d e f g, h i j k lmnop