New 'Simplistic' Malware Strain Wipes Hard Drives

By Ken Presti
December 17, 2012 2:29 PM ET

A new strain of malware capable of wiping hard drives is being described as "simplistic" as well as insidious.

According to Kaspersky's Threatpost blog, the bug is capable of deleting all files on drives D through I, as well as on the desktop. Once the data is deleted, the program then launches a checkdisk command in an apparent attempt to divert attention towards a possible system failure, as opposed to a planned attack.

At this point, the malware, which has been dubbed Trojan.Batchwiper, has only been witnessed in Iran, which reported the attack on Sunday through the Maher Center, Iran's equivalent of CERT.

The attacks launch only on specifically programmed dates, including last week from Dec. 10 through Dec. 12. The configuration of the code leads experts to believe it will become active again for two days starting on Jan. 21. At that point, it appears likely to stand down until May 6. Subsequent attacks appear likely for July and November of 2013, February, May and August of 2014, and February of 2015.

The Threatpost blog quoted Kaspersky Lab researcher Roel Schouwenberg as saying, "This [malware] is as basic as it gets. But if it was effective, that doesn’t matter. If it wasn’t clear already, the era of cyber sabotage has arrived."

The malware, which engages BAT files that are then converted to Windows PE files using a BAT2EXE tool, appears to be unrelated to Shamoon or any of the high-profile attacks witnessed so far. Key file names include Win.32.Maya.a and also GrooveMonitor.exe, which serves as the dropper.

According to a post in the AlienVault blog, the malware is likely deployed through USB drives and spearphishing, or possibly as the second stage of a targeted intrusion.

Data wiping malware has gained notoriety, especially in the Middle East where Shamoon was used to bring IT resources of Aramco, a Saudi Arabian oil company, to a near standstill earlier this year. Investigations into other strains of data wiping malware also led to the discovery of the Flamer virus.

PUBLISHED DEC. 17, 2012

To continue reading this article, please download the free CRN Tech News app for your iPad or Windows 8 device.

Related: Videos | Slide Shows | Comments

SHARE THIS ARTICLE

More Security

Comments by Vanilla

Recent Articles

	Tech 10: Hot Antivirus Alternatives For 2013 CRN identifies 10 vendors that have developed innovative ways to detect malware and analyze threats to better protect corporate networks. They take a giant step beyond traditional signature technologies.
	10 Emerging Security Technologies Gaining Interest, Adoption Despite some security defenses being only in their infancy, they are attracting interest for addressing BYOD issues, cloud security concerns and stolen account credentials. Here's a look at some of the top new security areas gaining industry interest.
	5 Government Intelligence Facilities You've Never Heard Of One facility has been around since the dawn of space exploration, while other buildings are still in construction. But, they all have serious data analysis and surveillance support activities associated with them.
	More Slide Shows