Dubbed Batchwiper, the malware systematically wipes any drive partitions starting with the letters D through I, along with any files stored on the Windows desktop of the user who is logged in. It is the second time that a wiper program has hit the region. An earlier program called Wiper had a file-naming convention almost identical to the one used by the state-sponsored Stuxnet and Duqu operations.
Batchwiper, which gets its name because its destructive payload is contained in a batch file, also appears to be basic and might not be the product of Israeli or US intelligence. The Iranian CERT advisory said that, despite its simple design, the malware was efficient and could wipe disk partitions and user profile directories without being recognised by antivirus software.