New Malware Wiping Data On Computers In Iran
L3sPau1 writes "Iran's computer emergency response team is reporting new malware targeting computers in the country that is wiping data from partitions D through I. It is set to launch on only particular dates. 'Clearly, the attacker was trying to think ahead. After trying to delete all the files on a particular partition the malware runs chkdsk on said partition. I assume the attacker is trying to make the loss of all files look like a software or hardware failure. Next to these BAT2EXE files there's also a 16-bit SLEEP file, which is not malicious. 16-bit files don't actually run on 64-bit versions of Windows. This immediately gives away the malware's presence on an x64 machine.' While there has been other data-wiping malware targeting Iran and other Middle East countries such as Wiper and Shamoon, researchers said there is no immediate connection."
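The "gives itself away on x64" remark in the quoted write-up can be turned into a concrete check. The script below is an added example, not code from the article, from Iran's CERT or from the malware: it classifies an executable image by parsing the DOS, NE and PE headers and flags anything that 64-bit Windows cannot start (there is no NTVDM on x64, so a 16-bit SLEEP.EXE beside BAT2EXE-built binaries is an indicator in its own right). The three sample images are hand-built in the script with struct.pack and are not real binaries.

```python
"""Tell 16-bit (DOS / Win16 NE) executables apart from PE32 and PE32+ images.

Added example, not code from the write-up quoted above or from Iran's CERT. It
implements the check the quote hints at: 64-bit Windows has no NTVDM, so a 16-bit
SLEEP.EXE dropped next to BAT2EXE-built binaries can never run there, and finding
one is a cheap indicator. The sample images below are constructed in this file
with struct.pack and are not real malware.
"""
import os
import struct
import sys

MZ_MAGIC = b"MZ"
NE_SIG = b"NE"
PE_SIG = b"PE\0\0"
OPTIONAL_MAGIC = {0x10B: "pe32", 0x20B: "pe32+"}


def classify_image(data: bytes) -> str:
    """Return 'dos16', 'ne16', 'pe32', 'pe32+' or 'unknown' for an executable image."""
    if len(data) < 0x40 or data[:2] != MZ_MAGIC:
        return "unknown"
    # e_lfarlc (0x18): offset of the relocation table.  Values below 0x40 mean the
    # DOS header has no room for e_lfanew, i.e. this is a plain real-mode program.
    (e_lfarlc,) = struct.unpack_from("<H", data, 0x18)
    if e_lfarlc < 0x40:
        return "dos16"
    # e_lfanew (0x3C): file offset of the NE or PE header that follows the DOS stub.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew == 0 or e_lfanew + 4 > len(data):
        return "dos16"
    if data[e_lfanew:e_lfanew + 2] == NE_SIG:
        return "ne16"                       # Win16 "New Executable"
    if data[e_lfanew:e_lfanew + 4] != PE_SIG:
        return "dos16"                      # DOS stub with no recognised extended header
    # After "PE\0\0" comes the 20-byte COFF header; the optional header's magic word
    # (0x10B = PE32, 0x20B = PE32+) therefore sits 24 bytes past the signature.
    if e_lfanew + 26 > len(data):
        return "unknown"
    (magic,) = struct.unpack_from("<H", data, e_lfanew + 24)
    return OPTIONAL_MAGIC.get(magic, "unknown")


def runs_on_x64_windows(kind: str) -> bool:
    """Only PE images start on x64 Windows; DOS and NE need NTVDM, which 64-bit Windows lacks."""
    return kind in OPTIONAL_MAGIC.values()


def triage(images: dict) -> list:
    """Names of images that cannot execute on x64 Windows, in the order given."""
    return [name for name, data in images.items()
            if not runs_on_x64_windows(classify_image(data))]


def _dos_header(e_lfanew: int) -> bytes:
    """Minimal 64-byte DOS header; a non-zero e_lfanew also sets e_lfarlc to 0x40."""
    hdr = bytearray(0x40)
    hdr[:2] = MZ_MAGIC
    struct.pack_into("<H", hdr, 0x18, 0x40 if e_lfanew else 0x1C)
    struct.pack_into("<I", hdr, 0x3C, e_lfanew)
    return bytes(hdr)


# Constructed samples (assumption: shaped like the real formats, but hand-built here).
SAMPLE_DOS = _dos_header(0) + b"\xb4\x4c\xcd\x21"        # mov ah,4Ch ; int 21h (exit)
SAMPLE_NE = _dos_header(0x40) + NE_SIG + bytes(62)        # empty NE header
SAMPLE_PE64 = (_dos_header(0x40) + PE_SIG
               + struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 0xF0, 0x22)  # COFF, Machine=amd64
               + struct.pack("<H", 0x20B) + bytes(0xEE))                   # optional header, PE32+


def scan_directory(root: str) -> dict:
    """Map every .exe/.com under root to its classification.

    Reads at most 1 MiB per file; e_lfanew in real images is far below that."""
    found = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.lower().endswith((".exe", ".com")):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as f:
                    found[path] = classify_image(f.read(1 << 20))
    return found


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, kind in scan_directory(target).items():
        flag = "" if runs_on_x64_windows(kind) else "  <- cannot run on x64 Windows"
        print(f"{kind:8} {path}{flag}")
```

Run it against a directory of dropped files and anything reported as dos16 or ne16 on a 64-bit host is dead weight that only a 32-bit Windows (or a DOS-era toolchain such as BAT2EXE) would have produced; that is the same inference the write-up draws, made mechanical.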
Re: (Score:1)
Which OS does this malware run on again?
DOS 3.1.
Re: (Score:2, Funny)
There was no holocaust...there are no homosexuals in Iran...Israel doesn't exist....We are....FUCK another computer just vanished off the internet. We are so fucked right now. What's our exchange rate? Quick..sell some oil...right..sanctions...Fuck! Fuck fuck FUCK!
Stay frosty.
Re: (Score:1)
Typical world views on Americans.
Why do you assume the poster is American?
A European would have laughed at Iranians smuggling porn by pack-asses over the mountains.
Face it, Iran isn't exactly a socialist heaven. Neither was the USSR. Plenty of asshats liked to think so just to spite the western establishment though.
Re: (Score:1)
Typical American views on Iran
where the fuck does porn and socialism enter into the question?
Re: (Score:2)
Face it, Iran isn't exactly a socialist heaven. Neither was the USSR. Plenty of asshats liked to think so just to spite the western establishment though.
Compared to the libertarian paradise of Somalia?
Re: (Score:2)
Too busy fucking camels and staring at ankle porn to install an AV suite?
Quite possible, only in this case it would be *Persians* watching ankle porn of Arabs fucking camels, if you're really so insistent on pulling nationalities into the debate.
Re: (Score:2)
What's the matter, your ass hurt?
Ironically good news for factory windows installs (Score:4, Funny)
wiping data from partitions D through I
Thank God I hid all my porn on C drive!
Ahhh (Score:5, Funny)
The old drone shaped USB drive trick always works!
Re: (Score:2)
The old drone shaped USB drive trick
That's the third time I've fallen for that this week.
Re: (Score:3, Insightful)
The US Government is full of Linux and Unix machines. You're a moron.
Re: (Score:1)
yet we're going to give a free pass to an OS used by a nation of terrorists?
Yes. Now stop being an idiot.
Re: (Score:1)
Not really.
I can completely see Linux going on a DHS list similar to: http://publicintelligence.net/dhs-fbi-suspicious-hotel-guests/ [publicintelligence.net]
Most (10 of 19) of those apply to me for work (and some for vacation). I can't possibly be that unique of a business traveler (I imagine a large percentage of the people I work with are similar).
And yes, if seeing Linux when checking my laptop at security (it's been a while since I've been somewhere that required me to turn it on though) rose suspicion, I'd be on that list too.
Re: (Score:1)
Then you've never worked in the DoD.
Re:Linux server - Windows client - Mapped drive (Score:4, Interesting)
And many of the Linux server boxes are mapped by Windows clients as say P:. A Windows user infected with write privileges can wipe the share drive. Wiping share drives seems to be the goal.
Re:Next news articles: (Score:4, Insightful)
They just outsource it (malware creation) anyway, to the same guys who tell them that it's a good idea to dump money on buying that service. It's a good business plan.
Of course, though, Linux installations rarely autostart something on a drive found on the street and so forth, but they're targeting Windows because their SCADA etc. systems run Windows. And yeah, it would be much harder to target a random Linux or BSD version, but they're not going to run it on random Linux or BSD as long as their industrial control SW is controlled from Windows applications.
They could of course write their own industrial control SW. Why they don't is a mystery, since it's the only sensible choice if you're building something you're dumping tens of thousands of manpower on.
Re: (Score:2)
No, they'll just start writing more Linux trojans. [eweek.com]
Re: (Score:1)
That was a result of a compromised login/password, not a trojan.
Re: (Score:1)
Please ask yourself the question "how did they gain access to the servers?". Then please read the article again. Then ask yourself again "how did they gain access to the servers?".
Then realize that the article doesn't specify how initial access was gained. Finally, please come back here and apologize for your failure.
Re: (Score:1)
They got a trojan installed and opened a backdoor.
Re:Next news articles: (Score:5, Funny)
" Iran switches operations to Linux to evade these viruses."
You mean 2013 is the year of Linux on Iranian desktops?
Re: (Score:1)
Don't you know? We got a beowulf cluster of Mayans with frikkin lasers on their heads (bought with bitcoins, operated by RaspPi's) hurtling our way to destroy us all...
Wait...
Wait...
Just a second...
YUP!!!
Re: (Score:2)
"You mean 2013 is the year of Linux on Iranian desktops?"
Jihadix? MullahTux?
Re: (Score:2)
1. Iran realizes all these viruses are made for Windows. 2. Iran switches operations to Linux to evade these viruses. 3. US spies learn this and report back that Iran is using Linux. 4. OMG OHNOEZ TEH LINUX IS TEH ENEMIES OF FREEEEEEDOMZ AND DIMMOCRASY ARREST THE TERRYRISTS USING ALL THE LINUXES!!!
5. Iran realizes all their software is made for windows and won't run on Linux. 6. Iran switches back.
Re: (Score:2)
Yes, because no one in Iran could possibly write new software.
Re: (Score:1)
... and especially when you can just pirate it.
Re: (Score:2)
1. Iran realizes all these viruses are made for Windows.
2. Iran switches operations to Linux to evade these viruses.
3. US spies learn this and report back that Iran is using Linux.
4. OMG OHNOEZ TEH LINUX IS TEH ENEMIES OF FREEEEEEDOMZ AND DIMMOCRASY ARREST THE TERRYRISTS USING ALL THE LINUXES!!!
5. Iran switches to Apples 'iNuke' app.
All the jokes aside... (Score:4, Insightful)
Re:All the jokes aside... (Score:4, Interesting)
A better attack would be to randomly change a few numbers on whatever spreadsheets can be written to. Then make sure to set the "last updated" date time back to the original.
It will take a few months longer for real damage to be noticed but by that time it will be too widespread and have infected too many spreadsheets.
If it is even noticed as a "virus".
Re: (Score:3)
through stupidity and laziness
You left out VBscript.
Oh, wait...
Re:All the jokes aside... (Score:5, Interesting)
Indeed - I remember nearly 20 years ago the categories of damage that a computer virus could do:
Wiping the hard disk = "Minor" (if you have a backup, then recover from the backup)
Random bit swaps in data files = "Catastrophic" (undetected for long enough that even on a long backup cycle, they are all infected. Worse than that, subtly corrupted files are far harder to correct than merely deleted ones)
Re: (Score:1)
A better attack would be to randomly change a few numbers on whatever spreadsheets can be written to. Then make sure to set the "last updated" date time back to the original.
Reminds me of an old dBase virus under MS-DOS. If you got it, it would slowly (over many months) corrupt the data in your files while keeping a hidden list of changes. As you read a corrupted record, it would temporarily repair it so everything seemed A-OK.
Then one fine day it would commit suicide, taking its delta with it, leaving you the corrupted file and months of corrupted backups.
First one like that I had seen; I thought it was ingenious.
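The spreadsheet idea further up ("change a few numbers, then put the 'last updated' time back") and the dBase virus just described both defeat any integrity check that trusts file timestamps, and both are the "catastrophic" category in the comment above: the change is silent long enough to poison every backup. The script below is an added example, not code from any poster, showing the check that does catch them: a manifest of SHA-256 digests taken while the files are known good, then re-verified. A timestamp is restored with one utime() call; a digest cannot survive a content change. The files, the tampering and the directory layout are all constructed inside a temporary directory and are not a real sample.

```python
"""Catch content changes that keep their timestamps: the 'change a few cells and
put the mtime back' attack from the thread, and dBase-style slow corruption.

Added example, not code from any poster. The defence is a manifest of content
hashes: a timestamp can be reset with a single utime() call, a SHA-256 digest
cannot be preserved across a content change. The files and the tampering below
are constructed in a temporary directory and are not a real sample.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large spreadsheets do not need to fit in RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Record size, mtime and SHA-256 for every regular file under root (the known-good state)."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            st = p.stat()
            manifest[p.relative_to(root).as_posix()] = {
                "size": st.st_size, "mtime_ns": st.st_mtime_ns, "sha256": sha256_file(p)}
    return manifest


def verify(root: Path, manifest: dict) -> dict:
    """Per file: 'ok', 'modified' (content and mtime changed), 'tampered'
    (content changed but mtime identical to the manifest), 'missing' or 'new'."""
    result = {}
    for rel, rec in manifest.items():
        p = root / rel
        if not p.is_file():
            result[rel] = "missing"
            continue
        st = p.stat()
        if sha256_file(p) == rec["sha256"]:
            result[rel] = "ok"
        elif st.st_mtime_ns == rec["mtime_ns"]:
            result[rel] = "tampered"   # timestamp was put back; only the digest tells
        else:
            result[rel] = "modified"
    for p in root.rglob("*"):
        rel = p.relative_to(root).as_posix()
        if p.is_file() and rel not in manifest:
            result[rel] = "new"
    return result


def demo() -> dict:
    """Build a manifest, tamper one file with its mtime restored, edit another normally."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "budget.csv").write_text("q1,1000\nq2,1250\n")   # constructed sample data
        (root / "notes.txt").write_text("hello\n")
        (root / "readme.txt").write_text("untouched\n")
        manifest = build_manifest(root)

        # Attacker: flip one digit (same length) and restore atime/mtime with utime().
        target = root / "budget.csv"
        st = target.stat()
        target.write_text("q1,1000\nq2,1260\n")
        os.utime(target, ns=(st.st_atime_ns, st.st_mtime_ns))

        # Legitimate edit: content changes and the mtime moves forward.  The mtime is
        # set explicitly so the demo does not depend on filesystem timestamp granularity.
        notes = root / "notes.txt"
        st = notes.stat()
        notes.write_text("hello world\n")
        os.utime(notes, ns=(st.st_atime_ns, st.st_mtime_ns + 1_000_000_000))

        return verify(root, manifest)


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{status:9} {name}")
```

Two caveats a practitioner would add. The manifest is only as trustworthy as its storage: malware with write access to the share can rewrite the manifest along with the data, so keep it off the box, on read-only media, or keyed with an HMAC the host does not hold. And "modified" is not "clean"; it just means the edit did not bother to hide, so the hash comparison, not the timestamp, is the signal to act on in both cases. On Linux the inode change time (st_ctime) also moves when utime() is called and cannot be set from user space, which is a second, cheaper tell for the naive timestamp reset, but it does not survive the disk-level or privileged tricks a real wiper author would use.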
Re: (Score:2)
Well, one joke still stands. What the fuck are "partitions D through I"?
None of the partition tables I can set up seem to use anything like that...
Yeah, yeah, I'm complaining about an extremely low level of quality of a Slashdot article. And no, the original source being crap in that area is no excuse :)
Re: (Score:2)
Lost in the operator game.. The original article [securelist.com] talks about *drives* D through I on a Windows machine. Some idiot (appears to be Michael Mimoso) decided that "partition" is a more pro-sounding synonym for "drive" and started using both interchangeably in the article from OP. So we are all left scratching our heads. The point I think is that the thing tries to destroy data on network and attached storage devices, rather than wiping C drive which would give itself away much more quickly..
Just a test (Score:1)
Well it seems like Iran has become the testing ground for the new weaponized computer arms race.
Internet is the best catalyst for democracy (Score:3, Interesting)
I can't say this is a bad thing... Hopefully it eats their backups too.
Why isn't this bad?
What possible good can come from attacking innocent people?
While we have no way of knowing who is behind these attacks... With the increase in attacks, targeting and seriousness of the recent attacks we've seen, one could fear that this is state sponsored terrorism. In which case I suppose it wouldn't be unreasonable to suspect that Israel and maybe the US could be involved.
Anyway, you put it, this isn't open declared and honest warfare, it's more like terrorism (with no regards for co
Re: (Score:3)
ARAB spring in a PERSIAN nation? I'll assume you're kidding because the alternative is you're ignorant.
Also, I think that calling nuisance hacks against computers TERRORISM is seriously devaluing the term. I seriously doubt anybody in Iran is TERRIFIED of this nuisance.
Re: (Score:2)
ARAB spring in a PERSIAN nation? I'll assume you're kidding because the alternative is you're ignorant.
That's quite possible, I don't claim to be a middle east expert. :)
And yes, you're probably right, calling hacks terrorism might be more of a stretch than what is good
(Sorry about that)
Nevertheless, I maintain that if you want to resolve conflicts by force, then at the very least you ought to have the decency and integrity to be honest about it.
Re: (Score:2)
Make the Iranian government constantly crack down, restrict and otherwise piss off its people, that way they have a reason to fight.
But who will they fight? I believe history has shown that when you attack a country it only brings them closer together.
Keep up the good work state sponsored cyber warfare!!
I wonder how skynet started...
Re: (Score:2)
What makes you think that the so called "arab spring" which is really an "islamist winter" is about democracy? But save for that, you're right: Iran's society is undergoing a big transformation right now, and if attacked, that would slow down the inevitable downfall of their clerical system... which would be sad.
bat2exe ? (Score:1)
I've never written a batch file over 64k before to warrant such extravagant conversion (Unless you count the REMs)
Kudos.
Iran has a CERT? (Score:4, Funny)
Why do I picture a guy frantically photoshopping Windows Explorer screenshots to show that there's still data on the D drive?
You call it malware (Score:2, Interesting)
You call it malware.
I call it a black ops program using my US tax dollars to attack Iran's nuclear weapons program.
Potato. Tater.
Same diff.
Re: (Score:2)
A government funded cyber campaign based on BAT2EXE and 16-bit code? Which doesn't even work effectively? If your goal is actually to destroy files, and you are a nation state, then you understand that simply deleting the files using the "del" command is not actually going to destroy any data. (I have no evidence that "del" was used, but hey, they ain't releasing the binary for me to analyze.)
If this was perpetrated by a nation state, then it must be meant as some kind of weird psy-op to confuse the shit ou
Re: (Score:1)
Unless it was a delivery vehicle that destroyed its traces.
I used to write those back in the 80s. One code to deliver. One code to clean up. Then it looks like it was only the latter.
Re: (Score:2)
I call it a black ops program using my US tax dollars to attack Iran's nuclear weapons program.
If you want, but when something wipes out all the files on your computer, be sure to refer to it as "someone attacking the USA's nuclear weapons program". Sauce for the gander and all that.
BAT2EXE?? (Score:2)
Re: (Score:2)
Ahh yes.
I remember a semi-nude Vanna White .gif file, gif2exe, and a jr high school labs shared autoexec.bat file....
Those were the days. In full dithered, grainy awesomeness.
Iran is paranoid (Score:3, Insightful)
Sophos covered this on their Naked Security blog today. Iran is going off the deep end with this one. The attack could have been written by a 5th grader and contains nothing that is targeted at Iran. Sophos noted that it is amateur compared to Stuxnet, Flame, and the other one widely considered to be written with Iran specifically in mind. Apparently it was a slow day at Iran's CERT.
Re: (Score:2)
If it is confined to Iran it sounds to me like a domestic attacker, seeing how much hell he can cause while only hitting 32-bit (or 16-bit, but if their nuclear program is running on 16-bit Windows I truly pity them, as the latest they could have would be what, 98SE?) targets.
Re: (Score:2)
"How do you say Geek Squad in Farsi?"
Let's send them Geek Squad personnel to help.
As if installing the Pahlevis wasn't enough of an insult...