The Latest in IT Security

Trojan.Batchwiper Reported in Iran

17 Dec 2012

On December 16, 2012, CERTCC-IR posted an advisory regarding a new threat that wipes disks. We have recovered samples matching the hashes mentioned in their advisory and, based on preliminary analysis, can confirm their findings.

The samples are not sophisticated and will wipe any drives starting with the drive letters D through I, along with files on the currently logged-in user’s Desktop. After deletion, the threat will then run Chkdsk on the drives. The wiping will only occur on the following dates:

  • 12/10/2012
  • 12/11/2012
  • 12/12/2012
  • 01/21/2013
  • 01/22/2013
  • 01/23/2013
  • 05/06/2013
  • 05/07/2013
  • 05/08/2013
  • 07/22/2013
  • 07/23/2013
  • 07/24/2013
  • 11/11/2013
  • 11/12/2013
  • 11/13/2013
  • 02/03/2014
  • 02/04/2014
  • 02/05/2014
  • 05/05/2014
  • 05/06/2014
  • 05/07/2014
  • 08/11/2014
  • 08/12/2014
  • 08/13/2014
  • 02/02/2015
  • 02/03/2015
  • 02/04/2015
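
As an added example (not from the advisory or from Symantec), one way to hunt for the behavior described above in process-creation logs is to flag hosts where Chkdsk ran against several drives in the D through I range on one of the listed dates. The log layout, the host names and the three-drive threshold are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict
from datetime import date, datetime, timedelta

# First day of each three-day wiping window in the advisory's list (MM/DD/YYYY there).
WINDOW_STARTS = [
    date(2012, 12, 10), date(2013, 1, 21), date(2013, 5, 6),
    date(2013, 7, 22), date(2013, 11, 11), date(2014, 2, 3),
    date(2014, 5, 5), date(2014, 8, 11), date(2015, 2, 2),
]
TRIGGER_DATES = {s + timedelta(days=n) for s in WINDOW_STARTS for n in range(3)}

# chkdsk followed by a drive argument in the D..I range named in the advisory.
CHKDSK_RE = re.compile(r"\bchkdsk(?:\.exe)?\b.*?\b([d-i]):", re.IGNORECASE)

def flag_hosts(lines, min_drives=3):
    """Return {(host, day): [drives]} where chkdsk hit >= min_drives of D..I on a listed date.

    min_drives is an assumed threshold to ignore a one-off administrative chkdsk.
    """
    seen = defaultdict(set)
    for line in lines:
        parts = line.split(None, 2)   # assumed layout: ISO timestamp, host, command line
        if len(parts) != 3:
            continue                  # skip malformed records
        ts, host, cmdline = parts
        try:
            day = datetime.fromisoformat(ts).date()
        except ValueError:
            continue                  # skip records with an unparsable timestamp
        match = CHKDSK_RE.search(cmdline)
        if day in TRIGGER_DATES and match:
            seen[(host, day)].add(match.group(1).upper())
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_drives}

# Constructed sample events (not taken from any real host).
SAMPLE = [
    "2013-01-21T09:14:02 WS-014 chkdsk D:",
    "2013-01-21T09:14:05 WS-014 C:\\Windows\\System32\\chkdsk.exe E:",
    "2013-01-21T09:14:09 WS-014 chkdsk f:",
    "2013-01-21T09:15:00 WS-014 chkdsk C: /f",   # C: is outside D..I
    "2013-01-21T10:00:00 WS-022 chkdsk D:",      # single drive, below threshold
    "2013-03-04T08:30:00 WS-031 chkdsk D:",      # not a listed date
    "2013-03-04T08:30:04 WS-031 chkdsk E:",
    "2013-03-04T08:30:08 WS-031 chkdsk F:",
]

if __name__ == "__main__":
    for (host, day), drives in flag_hosts(SAMPLE).items():
        print(host, day.isoformat(), ",".join(drives))
```

A hit only narrows where to look; confirm it against the sample hashes in the CERTCC-IR advisory before treating the host as affected.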

The threat has no visible connection to Stuxnet, Flamer, or Gauss based on preliminary analysis. Symantec is still conducting analysis of the binaries and will post updates, if necessary.
