Iran CERT Detects New Data-Wiping Targeted Attack

Monday, December 17, 2012

According to the agency, the malware does not resemble any of the other sophisticated attacks Iran has seen in recent times; it falls on the data-wiping side of malicious activity rather than espionage. “Primitive analysis revealed that this malware wipes files on different drives in various predefined times,” notes the agency on its website.

The analysis, being preliminary, gives out little information beyond a few filenames along with their MD5 hashes. The agency claims that the attack is not yet widespread, but from the limited activity it has observed, the malware is known to delete disk partitions and user profile directories and is not yet detected by any anti-virus software.

“Despite its simplicity in design, the malware is efficient and can wipe disk partitions and user profile directories without being recognized by anti-virus software,” notes the website.

Some of the filenames that have emerged from the preliminary investigation include “GrooveMonitor.exe”, “juboot.exe”, “jucheck.exe”, “SLEEP.exe”, and “WmiPrv.exe”.