The Latest in IT Security

Trojan.Batchwiper Reported in Iran

17 Dec 2012

On December 16, 2012, CERTCC-IR posted an advisory regarding a new threat that wipes disks. We have recovered samples matching the hashes mentioned in their advisory and, based on preliminary analysis, can confirm their findings.

The samples are not sophisticated and will wipe any drives with the drive letters D through I, along with files on the currently logged-in user’s Desktop. After deletion, the threat runs Chkdsk on the drives. The wiping occurs only on the following dates (MM/DD/YYYY):

  • 12/10/2012
  • 12/11/2012
  • 12/12/2012
  • 01/21/2013
  • 01/22/2013
  • 01/23/2013
  • 05/06/2013
  • 05/07/2013
  • 05/08/2013
  • 07/22/2013
  • 07/23/2013
  • 07/24/2013
  • 11/11/2013
  • 11/12/2013
  • 11/13/2013
  • 02/03/2014
  • 02/04/2014
  • 02/05/2014
  • 05/05/2014
  • 05/06/2014
  • 05/07/2014
  • 08/11/2014
  • 08/12/2014
  • 08/13/2014
  • 02/02/2015
  • 02/03/2015
  • 02/04/2015

The threat has no visible connection to Stuxnet, Flamer, or Gauss based on preliminary analysis. Symantec is still conducting analysis of the binaries and will post updates, if necessary.
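
The behaviour described above (Chkdsk run against several of the drives D through I on one of the listed dates) can be turned into a simple hunting rule over process-creation logs. The following is an added example, not code from Symantec or CERTCC-IR; the log layout, host names, the `chkdsk <letter>:` command-line form and the thresholds are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The advisory's 27 trigger dates are nine runs of three consecutive days;
# only the first day of each run is typed here (MM/DD/YYYY).
WINDOW_STARTS = ["12/10/2012", "01/21/2013", "05/06/2013", "07/22/2013", "11/11/2013",
                 "02/03/2014", "05/05/2014", "08/11/2014", "02/02/2015"]
TRIGGER_DATES = {(datetime.strptime(s, "%m/%d/%Y") + timedelta(days=d)).date()
                 for s in WINDOW_STARTS for d in range(3)}

# Assumed (constructed) log layout; chkdsk is assumed to take the volume as its first argument.
LINE = re.compile(r'^(\S+) (\S+) proc_create .*cmdline="([^"]*)"')
CHKDSK = re.compile(r'chkdsk(?:\.exe)?\s+([D-I]):', re.IGNORECASE)

def find_suspect_hosts(lines, min_drives=2, window=timedelta(minutes=10)):
    """Map host -> drive letters for hosts that ran chkdsk on at least
    min_drives distinct D-I volumes within `window` on a trigger date."""
    events = defaultdict(list)  # host -> [(timestamp, drive letter)]
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a process-creation record in the assumed layout
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
        hit = CHKDSK.search(m.group(3))
        if hit and ts.date() in TRIGGER_DATES:
            events[m.group(2)].append((ts, hit.group(1).upper()))
    suspects = {}
    for host, evs in events.items():
        evs.sort()
        for i, (start, _) in enumerate(evs):
            # Distinct drives checked within `window` of this event
            drives = {d for t, d in evs[i:] if t - start <= window}
            if len(drives) >= min_drives:
                suspects[host] = sorted(drives)
                break
    return suspects

# Constructed sample events, not taken from any real host.
SAMPLE_LOG = """\
2013-01-21T09:14:40 WS-017 proc_create image=chkdsk.exe cmdline="chkdsk D:"
2013-01-21T09:15:05 WS-017 proc_create image=chkdsk.exe cmdline="chkdsk E:"
2013-01-21T09:15:31 WS-017 proc_create image=chkdsk.exe cmdline="chkdsk F:"
2013-01-21T11:02:10 WS-044 proc_create image=chkdsk.exe cmdline="chkdsk C:"
2013-03-04T08:30:00 WS-090 proc_create image=chkdsk.exe cmdline="chkdsk D:"
2013-03-04T08:30:20 WS-090 proc_create image=chkdsk.exe cmdline="chkdsk E:"
""".splitlines()

if __name__ == "__main__":
    print(find_suspect_hosts(SAMPLE_LOG))
```

A hit means Chkdsk has already run, which per the description above happens after deletion, so the rule is useful for scoping affected hosts rather than for prevention.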
