Iran has been subjected to another attack by a virus capable of wiping the data on infected PCs. Antivirus experts suggest the virus has been active for at least two months and expect the next attack to take place in January 2013.
Iran's Maher Computer Emergency Response Team Coordination Center has issued a warning that the new malware, despite its simple design and functionality, continuously erases data from hard disk drives and slips onto the PC without being detected by antivirus and anti-malware programs.
The Maher Center said the malware's installer, also known as the dropper, is called GrooveMonitor.exe, a name believed to have been chosen as a disguise associated with a legitimate Microsoft Office 2007 document feature called Microsoft Office Groove.
Dubbed Batchwiper, the virus erases drive partitions starting with the letters D through I on the Windows operating system, in addition to files stored on the user’s desktop.
The newly found threat starts its destructive activity on certain dates, the next one being January 21, 2013. Experts from Symantec suggest that the virus has been active for the last two months, as dates going back to October 12 were discovered in the malware's configuration.
It is not yet apparent who is distributing the malware or how. However, security companies agree it could be using several ways of infiltration, ranging from email attachments and USB drives to other malware already running on computers or an internal actor uploading it to network shares, AlienVault Labs manager Jaime Blasco told computerworld.com via email.
“There's no connection to any of the previous wiper-like attacks we've seen,” Roel Schouwenberg, a senior researcher at Kaspersky Lab, wrote in a blog. “We also don't have any reports of this malware from the wild.”
The revelation comes on the heels of “Flame”, espionage malware reportedly designed by the US and Israel to spy on Iran.
In May this year it was announced that one of the world’s most powerful data-snatching viruses, targeting computers in Iran, Israel and other Middle Eastern countries, had been discovered by Russian experts. The worm had allegedly been used for years in what seems to be state-sponsored cyber espionage.
In June 2012 the New York Times reported that President Obama had ordered the cyber-attack on Iranian nuclear enrichment facilities.