Slashdot Mirror


New Malware Wiping Data On Computers In Iran

L3sPau1 writes "Iran's computer emergency response team is reporting new malware targeting computers in the country that is wiping data from partitions D through I. It is set to launch on only particular dates. 'Clearly, the attacker was trying to think ahead. After trying to delete all the files on a particular partition the malware runs chkdsk on said partition. I assume the attacker is trying to make the loss of all files look like a software or hardware failure. Next to these BAT2EXE files there's also a 16-bit SLEEP file, which is not malicious. 16-bit files don't actually run on 64-bit versions of Windows. This immediately gives away the malware's presence on an x64 machine.' While there has been other data-wiping malware targeting Iran and other Middle East countries such as Wiper and Shamoon, researchers said there is no immediate connection."

18 of 95 comments

  1. Ironically good news for factory windows installs by WWJohnBrowningDo · · Score: 4, Funny

    wiping data from partitions D through I

    Thank God I hid all my porn on C drive!

  2. Ahhh by stackOVFL · · Score: 5, Funny

    The old drone shaped USB drive trick always works!

  3. Re:LOL arabs by Anonymous Coward · · Score: 2, Funny

    There was no holocaust...there are no homosexuals in Iran...Israel doesn't exist....We are....FUCK another computer just vanished off the internet. We are so fucked right now. What's our exchange rate? Quick..sell some oil...right..sanctions...Fuck! Fuck fuck FUCK!

    Stay frosty.

  4. All the jokes aside... by TWX · · Score: 3, Insightful

    ...it's fairly clever to target partitions that aren't the OS partition. I didn't read the article, but if it's targeting all entries mapped on D:-I: then that could be network shares, flash memory, external hard disks, internal extra hard disks, and possibly even files awaiting burn to disc, and with the OS left untouched would not raise suspicion as quickly.

    --
    Do not look into laser with remaining eye.
    1. Re:All the jokes aside... by khasim · · Score: 3, Interesting

      A better attack would be to randomly change a few numbers on whatever spreadsheets can be written to. Then make sure to set the "last updated" date time back to the original.

      It will take a few months longer for real damage to be noticed but by that time it will be too widespread and have infected too many spreadsheets.

      If it is even noticed as a "virus".

    2. Re:All the jokes aside... by oodaloop · · Score: 5, Funny

      Why don't you just let people fuck up their own spreadsheets the old-fashioned way - through stupidity and laziness? Why does every task need to be automated?

      --
      Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
    3. Re:All the jokes aside... by BeerCat · · Score: 4, Interesting

      Indeed - I remember nearly 20 years ago the categories of damage that a computer virus could do:

      Wiping the hard disk = "Minor" (if you have a backup, then recover from the backup)

      Random bit swaps in data files = "Catastrophic" (undetected for long enough that even on a long backup cycle, they are all infected. Worse than that, subtly corrupted files are far harder to correct than merely deleted ones)

      --
      "She's furniture with a pulse"
    4. Re:All the jokes aside... by Provocateur · · Score: 2

      through stupidity and laziness

      You left out VBscript.

      Oh, wait...

      --
      WARNING: Smartphones have side effects--most of them undocumented.
  5. Re:Next news articles: by Desler · · Score: 2

    No, they'll just start writing more Linux trojans.

  6. Re:Next news articles: by Desler · · Score: 3, Insightful

    The US Government is full of Linux and Unix machines. You're a moron.

  7. Re:Next news articles: by nospam007 · · Score: 4, Funny

    " Iran switches operations to Linux to evade these viruses."

    You mean 2013 is the year of Linux on Iranian desktops?

  8. Iran has a CERT? by Gothmolly · · Score: 4, Funny

    Why do I picture a guy frantically photoshopping Windows Explorer screenshots to show that there's still data on the D drive?

    --
    I want to delete my account but Slashdot doesn't allow it.
  9. Re:Next news articles: by gl4ss · · Score: 3, Insightful

    they just outsource it (malware creation) anyways. to the same guys who tell them that it's a good idea to dump money on buying that service. it's a good business plan.

    of course though, linux installations rarely autostart something on a drive found on the street and so forth.. but they're targeting windows because their scada etc systems run windows. and yeah it would be much harder to target a random linux or bsd version. but they're not going to run it on random linux or bsd as long as their industrial control sw is controlled from windows applications.

    they could of course write their own industrial control sw. why they don't is a mystery, since it's the only sensible choice if you're building something you're dumping tens of thousands of manpower on.

    --
    world was created 5 seconds before this post as it is.
  10. Internet is the best catalyst for democracy by jopsen · · Score: 2, Interesting

    I can't say this is a bad thing... Hopefully it eats their backups too.

    Why isn't this bad?
    What possible good can come from attacking innocent people?

    While we have no way of knowing who is behind these attacks... With the increase in attacks, targeting and seriousness of the recent attacks we've seen, one could fear that this is state sponsored terrorism. In which case I suppose it wouldn't be unreasonable to suspect that Israel and maybe the US could be involved.
    Any way you put it, this isn't open declared and honest warfare, it's more like terrorism (with no regards for collateral damage).

    Personally, I don't think it's suitable for democracies to conduct secret attacks on anybody. I'm confident my country doesn't do it, but well aware that our allies, such as the US, have a long reputation of such hostilities... And I suppose sometimes it can be justified, but is it really necessary these days, the cold war is over.

    At the end of the day, it all comes down to the following question:
    What possible hope is there of peaceful development, democracy, arab spring and political improvement in Iran if they truly are under attack?
    If anything, this will make Iranians more disconnected from independent media, less able to organize and help the authorities convince the people that everybody wants to harm Iran.
    Think we can all agree that internet and information technology is the best catalyst for democracy.

    1. Re:Internet is the best catalyst for democracy by fnj · · Score: 2

      ARAB spring in a PERSIAN nation? I'll assume you're kidding because the alternative is you're ignorant.

      Also I think that as TERRORISM nuisance hacks against computers is seriously devaluing the term. I seriously doubt anybody in Iran is TERRIFIED of this nuisance.

  11. You call it malware by WillAffleckUW · · Score: 2, Interesting

    You call it malware.

    I call it a black ops program using my US tax dollars to attack Iran's nuclear weapons program.

    Potato. Tater.

    Same diff.

    --
    -- Tigger warning: This post may contain tiggers! --
  12. Iran is paranoid by Anonymous Coward · · Score: 3, Insightful

    Sophos covered this on their Naked Security blog today. Iran is going off the deep end with this one. The attack could have been written by a 5th grader and contains nothing that is targeted at Iran. Sophos noted that it is amateur compared to Stuxnet, Flame, and the other one widely considered to be written with Iran specifically in mind. Apparently it was a slow day at Iran's CERT.

  13. Re:Linux server - Windows client - Mapped drive by Technician · · Score: 3, Interesting

    And many of the Linux server boxes are mapped by Windows clients as say P:. A Windows user infected with write privileges can wipe the share drive. Wiping share drives seems to be the goal.

    --
    The truth shall set you free!