New Malware Wiping Data On Computers In Iran 95
L3sPau1 writes "Iran's computer emergency response team is reporting new malware targeting computers in the country that is wiping data from partitions D through I. It is set to launch on only particular dates. 'Clearly, the attacker was trying to think ahead. After trying to delete all the files on a particular partition the malware runs chkdsk on said partition. I assume the attacker is trying to make the loss of all files look like a software or hardware failure. Next to these BAT2EXE files there's also a 16-bit SLEEP file, which is not malicious. 16-bit files don't actually run on 64-bit versions of Windows. This immediately gives away the malware's presence on a x64 machine.' While there has been other data-wiping malware targeting Iran and other Middle East countries such as Wiper and Shamoon, researchers said there is no immediate connection."
All the jokes aside... (Score:4, Insightful)
Re:Next news articles: (Score:3, Insightful)
The US Government is full of Linux and Unix machines. You're a moron.
Re:Next news articles: (Score:4, Insightful)
they just outsource it(malware creation) anyways. to the same guys who tell them that it's a good idea to dump money on buying that service. it's a good business plan.
of course though, linux installations rarely autostart something on a drive found on the street and so forth.. but they're targetting windows because their scada etc systems run windows. and yeah it would be much harder to target a random linux or bsd version. but they're not going to run it on random linux or bsd as long as their industrial control sw is controlled form windows applications.
they could of course write their own industrial control sw. why they don't is a mystery, since it's the only sensible choice if you're building something you're dumping tens of thousands of manpower on.
Iran is paranoid (Score:3, Insightful)
Sophos covered this on their Naked Security blog today. Iran is going off the deep end with this one. The attack could have been written by a 5th grader and contains nothing that is targeted at Iran. Sophos noted that it is amateur compared to Stuxnet, Flame, and the other one widely considered to be written with Iran specifically in mind. Apparently it was a slow day at Iran's CERT.