Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Malware Wiping Data On Computers In Iran

Posted by Soulskill on from the cyberwar-continues dept.

L3sPau1 writes "Iran's computer emergency response team is reporting new malware targeting computers in the country that is wiping data from partitions D through I. It is set to launch on only particular dates. 'Clearly, the attacker was trying to think ahead. After trying to delete all the files on a particular partition the malware runs chkdsk on said partition. I assume the attacker is trying to make the loss of all files look like a software or hardware failure. Next to these BAT2EXE files there's also a 16-bit SLEEP file, which is not malicious. 16-bit files don't actually run on 64-bit versions of Windows. This immediately gives away the malware's presence on a x64 machine.' While there has been other data-wiping malware targeting Iran and other Middle East countries such as Wiper and Shamoon, researchers said there is no immediate connection."

12 of 95 comments (clear)

  1. Ironically good news for factory windows installs by WWJohnBrowningDo · · Score: 4, Funny

    wiping data from partitions D through I

    Thank God I hid all my porn on C drive!

  2. Ahhh by stackOVFL · · Score: 5, Funny

    The old drone shaped USB drive trick always works!

  3. All the jokes aside... by TWX · · Score: 3, Insightful

    ...it's fairly clever to target partitions that aren't the OS partition. I didn't read the article, but if it's targeting all entries mapped on D:-I: then that could be network shares, flash memory, external hard disks, internal extra hard disks, and possibly even files awaiting burn to disc, and with the OS left untouched would not raise suspicion as quickly.

    --
    Do not look into laser with remaining eye.
    1. Re:All the jokes aside... by khasim · · Score: 3, Interesting

      A better attack would be to randomly change a few numbers on whatever spreadsheets can be written to. Then make sure to set the "last updated" date time back to the original.

      It will take a few months longer for real damage to be noticed but by that time it will be too widespread and have infected too many spreadsheets.

      If it is even noticed as a "virus".

    2. Re:All the jokes aside... by oodaloop · · Score: 5, Funny

      Why don't you just let people fuck up their own spreadsheets the old fashioned way - through stupidity and laziness? Why does every task need to be automated?

      --
      Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
    3. Re:All the jokes aside... by BeerCat · · Score: 4, Interesting

      Indeed - I remember nearly 20 years ago the categories of damage that a computer virus could do:

      Wiping the hard disk = "Minor" (if you have a backup, then recover from the backup)

      Random bit swaps in data files = "Catastrophic" (undetected for long enough that even on a long backup cycle, they are all infected. Worse than that, subtly corrupted files are far harder to correct than merely deleted ones)

      --
      "She's furniture with a pulse"
  4. Re:Next news articles: by Desler · · Score: 3, Insightful

    The US Government is full of Linux and Unix machines. You're a moron.

  5. Re:Next news articles: by nospam007 · · Score: 4, Funny

    " Iran switches operations to Linux to evade these viruses."

    You mean 2013 is the year of Linux on Iranian desktops?

  6. Iran has a CERT? by Gothmolly · · Score: 4, Funny

    Why do I picture a guy frantically photoshopping Windows Explorer screenshots to show that there's still data on the D drive?

    --
    I want to delete my account but Slashdot doesn't allow it.
  7. Re:Next news articles: by gl4ss · · Score: 3, Insightful

    they just outsource it(malware creation) anyways. to the same guys who tell them that it's a good idea to dump money on buying that service. it's a good business plan.

    of course though, linux installations rarely autostart something on a drive found on the street and so forth.. but they're targetting windows because their scada etc systems run windows. and yeah it would be much harder to target a random linux or bsd version. but they're not going to run it on random linux or bsd as long as their industrial control sw is controlled form windows applications.

    they could of course write their own industrial control sw. why they don't is a mystery, since it's the only sensible choice if you're building something you're dumping tens of thousands of manpower on.

    --
    world was created 5 seconds before this post as it is.
  8. Iran is paranoid by Anonymous Coward · · Score: 3, Insightful

    Sophos covered this on their Naked Security blog today. Iran is going off the deep end with this one. The attack could have been written by a 5th grader and contains nothing that is targeted at Iran. Sophos noted that it is amateur compared to Stuxnet, Flame, and the other one widely considered to be written with Iran specifically in mind. Apparently it was a slow day at Iran's CERT.

  9. Re:Linux server - Windows client - Mapped drive by Technician · · Score: 3, Interesting

    And many of the Linux server boxes are mapped by Windows clients as say P:. A Windows user infected with write privileges can wipe the share drive. Wiping share drives seems to be the goal.

    --
    The truth shall set you free!