Forgot your password?
typodupeerror
Security IT

New Malware Wiping Data On Computers In Iran 95

Posted by Soulskill
from the cyberwar-continues dept.
L3sPau1 writes "Iran's computer emergency response team is reporting new malware targeting computers in the country that is wiping data from partitions D through I. It is set to launch on only particular dates. 'Clearly, the attacker was trying to think ahead. After trying to delete all the files on a particular partition the malware runs chkdsk on said partition. I assume the attacker is trying to make the loss of all files look like a software or hardware failure. Next to these BAT2EXE files there's also a 16-bit SLEEP file, which is not malicious. 16-bit files don't actually run on 64-bit versions of Windows. This immediately gives away the malware's presence on a x64 machine.' While there has been other data-wiping malware targeting Iran and other Middle East countries such as Wiper and Shamoon, researchers said there is no immediate connection."
This discussion has been archived. No new comments can be posted.

New Malware Wiping Data On Computers In Iran

Comments Filter:
  • by khasim (1285) <brandioch.conner@gmail.com> on Tuesday December 18, 2012 @05:05PM (#42330895)

    A better attack would be to randomly change a few numbers on whatever spreadsheets can be written to. Then make sure to set the "last updated" date time back to the original.

    It will take a few months longer for real damage to be noticed but by that time it will be too widespread and have infected too many spreadsheets.

    If it is even noticed as a "virus".

  • by BeerCat (685972) on Tuesday December 18, 2012 @05:55PM (#42331407) Homepage

    Indeed - I remember nearly 20 years ago the categories of damage that a computer virus could do:

    Wiping the hard disk = "Minor" (if you have a backup, then recover from the backup)

    Random bit swaps in data files = "Catastrophic" (undetected for long enough that even on a long backup cycle, they are all infected. Worse than that, subtly corrupted files are far harder to correct than merely deleted ones)

  • by jopsen (885607) <jopsen@gmail.com> on Tuesday December 18, 2012 @06:16PM (#42331579) Homepage

    I can't say this is a bad thing... Hopefully it eats their backups too.

    Why isn't this bad?
    What possible good can come from attacking innocent people?

    While we have no way of knowing who is behind these attacks... With the increase in attacks, targeting and seriousness of the recent attacks we've seen, one could fear that this is state sponsored terrorism. In which case I supose it wouldn't be unreasonable to suspect that Israel and maybe the US could be involved.
    Anyway, you put it, this isn't open declared and honest warfare, it's more like terrorism (with no regards for collateral damage).

    Personally, I don't think it's suitable for democracies to conduct secret attacks on anybody. I'm confident my country doesn't do it, but well aware that our allies, such as the US, have a long reputation of such hostilities... And I suppose sometimes it can be justified, but is it really necessary these days, the cold war is over.

    At the end of the day, it all comes down to the following question:
    What possible hope is there of peaceful development, democracy, arab spring and political improvement in Iran if they truly are under attack?
    If anything, this will make Iranians more disconnected from independent media, less able to organize and help the authorities convince the people that everybody wants to harm Iran.
    Think we can all agree that internet and information technology is the best catalyst for democracy.

  • You call it malware (Score:2, Interesting)

    by WillAffleckUW (858324) on Tuesday December 18, 2012 @06:39PM (#42331793) Homepage Journal

    You call it malware.

    I call it a black ops program using my US tax dollars to attack Iran's nuclear weapons program.

    Potato. Tater.

    Same diff.

  • by Technician (215283) on Tuesday December 18, 2012 @07:14PM (#42332093)

    And many of the Linux server boxes are mapped by Windows clients as say P:. A Windows user infected with write privileges can wipe the share drive. Wiping share drives seems to be the goal.

This process can check if this value is zero, and if it is, it does something child-like. -- Forbes Burkowski, CS 454, University of Washington

Working...