Iranian computers are being targeted by a new malicious virus that clears large portions of hard drives, according to Iran’s Computer Emergency Readiness Team (CERT). Cybersecurity researchers don’t know where the virus came from. All they know is that it’s very simple and very effective.
Dan Goodin of Ars Technica reports that the malware, dubbed “Batchwiper,” systematically wipes certain drive partitions (i.e. sections of a hard drive) as well as any files stored on the Windows desktop of the user who is logged in when it’s executed.
“Despite its simplicity in design, the malware is efficient and can wipe disk partitions and user profile directories without being recognised by antivirus,” CERT stated. “However, it is not considered to be widely distributed.”
Earlier this year cybersecurity experts at the Russia-based Kaspersky Lab discovered the Flame virus, a massive program that leaves a backdoor (i.e. Trojan) on computers through which it sucks information from networks, after a different wiper virus successfully erased information on hard disks at the Iran Oil Ministry’s headquarters.
Kaspersky subsequently concluded that Flame was written by the same state-sponsored campaign that created Duqu — “a surveillance tool used to copy blueprints of Iran’s nuclear program” — and the Stuxnet virus, which destroyed roughly a fifth of Iran’s nuclear centrifuges by causing them to spin out of control.
In June the Obama administration admitted that it collaborated with Israel to develop cyberweapons, including Duqu and Stuxnet, to use against Iran.
But Kaspersky agrees with CERT that unlike Stuxnet or Flame, Batchwiper is “an extremely simplistic attack” with “no connection to any of the previous wiper-like attacks we’ve seen” on government systems or in the wild.