New wiper virus targets Iranian computers

18 Dec, 2012 02:20 / Updated 12 years ago

Iran has been subjected to another attack by a virus capable of wiping the data on infected PCs. Antivirus experts suggest the virus has been active for at least two months and expect the next attack to take place during January, 2013.

Iran's Maher Computer Emergency Response Team Coordination Center has issued a warning, cautioning that the new malware continuously erases data from the hard disk drives, despite the simplicity of design and functionality, as it slips into the PC without being detected by the antivirus and anti-malware programs. The Maher Center said the malware's installer, also known as the dropper, is called GrooveMonitor.exe, believed to be named that way as a disguise associated with a legitimate Microsoft Office 2007 document feature called Microsoft Office Groove.Dubbed the Batchwiper, the virus erases drive partitions starting with the letters D through I on Windows operating system, in addition to files stored on the user’s desktop.The new found threat starts its destruction activities on certain dates, the next one being January 21, 2013. Experts from Symantec suggest that the virus has been active for the last two months as dates going back to October 12 were discovered in the malware's configuration.It's not yet apparent who and how it is distributing the malware. However security companies agree it could be using several ways of infiltration, ranging from email attachments, USB drives, some other malware already running on computers, or an internal actor uploading it to network shares, AlienVault Labs manager Jaime Blasco told computerworld.com via email.“There's no connection to any of the previous wiper-like attacks we've seen,” Roel Schouwenberg, a senior researcher at Kaspersky Lab, wrote in a blog. “We also don't have any reports of this malware from the wild.”The revelation comes on the heels of the “Flame”, an espionage malware reportedly designed by the US and Israel to spy on Iran. In May this year it was announced that one of the world’s most powerful data-snatching virus targeting computers in Iran, Israel and other Middle Eastern countries had been discovered by Russian experts. The worm had allegedly been used for years in what seems to be state-sponsored cyber espionage.In June 2012 the New York Times reported that President Obama had ordered the cyber-attack on Iranian nuclear enrichment facilities.