[ISN] Data-Destruction Attack Targeted 'Few' Select Iranian Computers

From: InfoSec News <alerts_at_private>
Date: Wed, 19 Dec 2012 00:57:02 -0600 (CST)

By Kelly Jackson Higgins
Dark Reading
Dec 18, 2012

It's no Stuxnet or Wiper, but the latest data-destroying malware 
targeting specific computers in Iran still wreaks some serious damage.

Iran's CERT on Sunday first issued an alert about the relatively 
rudimentary malware, which was discovered to delete data off various 
drives at specific times and dates. The malware is a "very simple" 
knockoff of other wiping malware with no relation to those previously 
discovered malware attacks, and "very few machines" were infected by it, 
according to the CERT.

Researchers from Symantec, Kaspersky Lab, AlienVault Labs, and 
SophosLabs all have studied a sample of the malware, aka Batchwiper or 
GrooveMonitor, and concur that it's a simplistic yet lethal piece of 
malware that doesn't appear to be related to the nation-state-built 
Stuxnet and Wiper that hit Iran's nuclear facility, nor the destructive 
Shamoon that wiped 30,000 workstations of their data at Saudi Aramco, 
and deleted files at the Iranian oil ministry.

It's the latest in a series of data-destroying malware attacks targeting 
specific organizations in the Middle East. This return to 1980s and 
early '90s malware that damages or deletes data puzzles researchers. 
"It's not the kind of thing you'd expect a nation-state" to create, says 
Chester Wisniewski, a senior security adviser for Sophos.


Received on Tue Dec 18 2012 - 22:57:02 PST
