Dubbed Batchwiper, the malware systematically wipes any drive partitions starting with the letters D through I, along with any files stored on the Windows desktop of the user who is logged in. It is the second time that a wiper program has hit the region. An earlier program called Wiper shared a file-naming convention almost identical to those used by the state-sponsored Stuxnet and Duqu operations.
Batchwiper, which gets its name because its destructive payload is contained in a batch file, also appears to be basic and might not be the product of Israeli or US intelligence. The Iranian CERT advisory said that despite its simplicity in design, the malware was efficient and can wipe disk partitions and user profile directories without being recognised by antivirus.
Wipes hard drives
Iranian computers are being hit by malware that wipes entire disk partitions clean, according to an advisory issued by that country's Computer Emergency Response Team Coordination Centre.
Published in
Latest
Nick Farrell
E-mail: This e-mail address is being protected from spambots. You need JavaScript enabled to view itLatest from Nick Farrell