Iran Hit with New 'Wiper' Bug
This past Sunday (Dec. 16), the Iranian Computer Emergency Response Team (CERT) alerted computer users to a new form of "targeted data-wiping malware."
"Primitive analysis revealed that this malware wipes files on different drives in various, predefined times," the advisory states. "Despite its simplicity in design, the malware is efficient and can wipe disk partitions and user-profile directories without being recognized by antivirus software."
The statement went on to say that despite its destructiveness, the bug does not appear to be widespread.
SophosLabs said the malware, which erases the contents of files on the D:, E:, F:, G:, H: and I: drives only on certain predetermined days, is "one of the most rudimentary malware samples seen in years" and that it's unclear why Iran's CERT characterized the malware as "targeted."
Comparing this to other state-sponsored cyber attacks, Sophos said, would be like equating a child's crayon-scrawled name with Homer's "Odyssey": they're not even in the same realm.
But that doesn't mean it should be underestimated. According to Sophos, the malware creates a registry file, so even if a machine is totally rebooted, the malware will remain.
"There's no connection to any of the previous wiper-like attacks we've seen," Russia-based Kaspersky Labs wrote on its blog.
Over the past two years, Iran has been hit with a number of serious malware attacks including the Stuxnet, Duqu and Flame viruses, which significantly set back the country's nuclear research project. At least one of those attacks was carried out by or with the help of the U.S. and Israeli governments.
The origin of this newest piece of malware is still unknown.
Follow Ben on Twitter @benkwx.