[ISN] Data-Destruction Attack Targeted ‘Few’ Select Iranian Computers

http://www.darkreading.com/threat-intelligence/167901121/security/attacks-breaches/240144657/data-destruction-attack-targeted-few-select-iranian-computers.html By Kelly Jackson Higgins Dark Reading Dec 18, 2012 It’s no Stuxnet or Wiper, but the latest data-destroying malware targeting specific computers in Iran still wreaks some serious damage. Iran’s CERT on Sunday first issued an alert about the relatively rudimentary malware, which was discovered to delete data off various drives at specific times and dates. The malware is a “very simple” knockoff of other wiping malware with no relation to those previously discovered malware attacks, and “very few machines” were infected by it, according to the CERT. Researchers from Symantec, Kaspersky Lab, AlienVault Labs, and SophosLabs all have studied a sample of the malware, aka Batchwiper or GrooveMonitor, and concur that it’s a simplistic yet lethal piece of malware the doesn’t appear to be related to the nation-state built Stuxnet and Wiper that hit Iran’s nuclear facility, nor the destructive Shamoon that wiped 30,000 workstations of their data at Saudi Aramco, and deleted files at the Iranian oil ministry. It’s the latest in a series of data-destroying malware attacks targeting specific organizations in the Middle East. This return to 1980s and early ’90s malware that damages or deletes data puzzles researchers. “It’s not the kind of thing you’d expect a nation-state” to create, says Chester Wisniewski, a senior security adviser for Sophos. […] ______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.org