
New Malware Wiping Data On Computers In Iran

Soulskill posted about 2 years ago | from the cyberwar-continues dept.

Security 95

L3sPau1 writes "Iran's computer emergency response team is reporting new malware targeting computers in the country that is wiping data from partitions D through I. It is set to launch on only particular dates. 'Clearly, the attacker was trying to think ahead. After trying to delete all the files on a particular partition the malware runs chkdsk on said partition. I assume the attacker is trying to make the loss of all files look like a software or hardware failure. Next to these BAT2EXE files there's also a 16-bit SLEEP file, which is not malicious. 16-bit files don't actually run on 64-bit versions of Windows. This immediately gives away the malware's presence on a x64 machine.' While there has been other data-wiping malware targeting Iran and other Middle East countries such as Wiper and Shamoon, researchers said there is no immediate connection."
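The summary's point that a 16-bit executable is out of place on a 64-bit Windows machine can be turned into a triage check. The Python sketch below is an added example, not code from the article or the CERT report; the file names and header bytes are constructed samples, and it only recognises MZ-format files (headerless .COM programs are out of scope).

```python
import os
import struct
import tempfile

# COFF machine values for the two common Windows PE targets.
PE_MACHINES = {0x014C: "pe-x86", 0x8664: "pe-x64"}
# Header kinds that 64-bit Windows cannot execute natively.
SIXTEEN_BIT = {"dos-mz", "ne-16bit"}


def classify(f) -> str:
    """Classify an open binary file by its executable header."""
    head = f.read(0x40)
    if head[:2] not in (b"MZ", b"ZM"):
        return "not-mz"
    if len(head) < 0x40:
        return "dos-mz"  # too short to hold e_lfanew: plain DOS program
    # e_lfanew (offset 0x3C) points at the "new" header, if there is one.
    (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
    f.seek(e_lfanew)
    sig = f.read(6)
    if sig[:4] == b"PE\0\0" and len(sig) == 6:
        (machine,) = struct.unpack_from("<H", sig, 4)
        return PE_MACHINES.get(machine, "pe-other")
    if sig[:2] == b"NE":
        return "ne-16bit"  # 16-bit Windows / OS/2 "New Executable"
    if sig[:2] in (b"LE", b"LX"):
        return "le-lx"     # 32-bit VxD / OS/2 formats, not flagged here
    return "dos-mz"        # MZ with no newer header behind it


def scan_tree(root):
    """Return sorted (relative path, kind) for every 16-bit MZ file under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as f:
                    kind = classify(f)
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            if kind in SIXTEEN_BIT:
                hits.append((os.path.relpath(path, root), kind))
    return sorted(hits)


def mz_header(e_lfanew: int) -> bytes:
    """Constructed 64-byte MZ header with only the magic and e_lfanew set."""
    return b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)


def demo_16bit():
    """Write constructed samples to a temp directory and scan it."""
    samples = {
        "constructed_dos16.exe": mz_header(0) + b"\x90" * 16,
        "constructed_ne16.exe": mz_header(0x40) + b"NE" + b"\0" * 62,
        "constructed_pe32.exe": mz_header(0x40) + b"PE\0\0" + struct.pack("<H", 0x014C),
        "constructed_pe64.exe": mz_header(0x40) + b"PE\0\0" + struct.pack("<H", 0x8664),
        "constructed.bat": b"@echo off\r\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        return scan_tree(root)


if __name__ == "__main__":
    for path, kind in demo_16bit():
        print(f"{kind:10} {path}")
```

On a 64-bit Windows host any hit is worth a look, since the file cannot have been installed to run there natively.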


I tried to go for a frosty (0)

Anonymous Coward | about 2 years ago | (#42330607)

But my D drive got wiped!

FILTHY J00Z (-1)

Anonymous Coward | about 2 years ago | (#42331443)

The fucking Jooz strike again. If they can't steal it and rent it back to you? They shit all over it, so its no good to anyone.

Re:I tried to go for a frosty (0)

Anonymous Coward | about 2 years ago | (#42331877)

Which OS does this malware run on again?

Re:I tried to go for a frosty (1)

BrokenHalo (565198) | about 2 years ago | (#42334937)

Which OS does this malware run on again?

DOS 3.1.

LOL arabs (0, Troll)

Anonymous Coward | about 2 years ago | (#42330609)

Too busy fucking camels and staring at ankle porn to install an AV suite?

Re:LOL arabs (-1)

Anonymous Coward | about 2 years ago | (#42330635)

you don't know the 1/2 of it good sir.

Re:LOL arabs (2, Funny)

Anonymous Coward | about 2 years ago | (#42330679)

There was no holocaust...there are no homosexuals in Iran...Israel doesn't exists....We are....FUCK another computer just vanished off the internet. We are so fucked right now. What's our exchange rate? Quick..sell some oil...right..sanctions...Fuck! Fuck fuck FUCK!

Stay frosty.

Re:LOL arabs (-1, Troll)

Anonymous Coward | about 2 years ago | (#42331011)

Typical american views on Iran

Re:LOL arabs (0)

Anonymous Coward | about 2 years ago | (#42331157)

Typical world views on americans.
why do you assume the poster is american?

Re:LOL arabs (0)

gl4ss (559668) | about 2 years ago | (#42331575)

Typical world views on americans.
why do you assume the poster is american?

an european would have laughed at iranians smuggling porn by pack-asses over the mountains.

face it, Iran isn't exactly a socialist heaven. neither was ussr. plenty of asshats liked to think so just to spite the western establishment though.

Re:LOL arabs (1)

Anonymous Coward | about 2 years ago | (#42333159)

There was no holocaust...there are no homosexuals in Iran...Israel doesn't exists....We are....FUCK another computer just vanished off the internet. We are so fucked right now. What's our exchange rate? Quick..sell some oil...right..sanctions...Fuck! Fuck fuck FUCK!

Stay frosty.

Typical american views on Iran

Typical world views on americans.
why do you assume the poster is american?

an european would have laughed at iranians smuggling porn by pack-asses over the mountains.
face it, Iran isn't exactly a socialist heaven. neither was ussr. plenty of asshats liked to think so just to spite the western establishment though.

where the fuck does porn and socialism enter into the question?

Re:LOL arabs (1)

SleazyRidr (1563649) | about 2 years ago | (#42336289)

face it, Iran isn't exactly a socialist heaven. neither was ussr. plenty of asshats liked to think so just to spite the western establishment though.

Compared to the libertarian paradise of Somalia?

Re:LOL arabs (0)

Anonymous Coward | about 2 years ago | (#42333913)

why do you assume the poster is american?

Uh, because:

1) Principally American demographic here.
2) Use of the phrase "stay frosty"
3) Typical American views on Iran

Re:LOL arabs (0)

Anonymous Coward | about 2 years ago | (#42334073)

Also:

4) Believes Iranians are Arabs...

Re:LOL arabs (-1)

Anonymous Coward | about 2 years ago | (#42331141)

chkdsk complete!
There was no Iran.

Re:LOL arabs (-1)

Anonymous Coward | about 2 years ago | (#42331333)

Maybe someone should just hack an EMP warheaded missile and detonate it above Iran. That sounds a lot faster than this BS, lol.

Re:LOL arabs (0)

Anonymous Coward | about 2 years ago | (#42332261)

Yeah yeah, EMPs aren't magic data erasing bombs.
Hard drives are shielded 2 or 3 times even in consumer grade computers.

Re:LOL arabs (1)

K. S. Kyosuke (729550) | about 2 years ago | (#42330745)

Too busy fucking camels and staring at ankle porn to install an AV suite?

Quite possible, only in this case it would be *Persians* watching ankle porn of Arabs fucking camels, if you're really so insistent on pulling nationalities into the debate.

Re:LOL arabs (-1)

Anonymous Coward | about 2 years ago | (#42330933)

You mean ethnicity, right?

Also, successful troll is successful. I was waiting for the frothing at the mouth "But dey is teh persians not a-rabs!!" response.

Re:LOL arabs (1)

K. S. Kyosuke (729550) | about 2 years ago | (#42340543)

Actually, no, I did it for the joke in it.

Re:LOL arabs (-1)

Anonymous Coward | about 2 years ago | (#42331237)

Too busy fucking camels and staring at ankle porn to install an AV suite?

Quite possible, only in this case it would be *Persians* watching ankle porn of Arabs fucking camels, if you're really so insistent on pulling nationalities into the debate.

So.... you're saying there's a difference between "Persians" and "Arabs"? I'm calling bullshit.

Re:LOL arabs (1)

fredrated (639554) | about 2 years ago | (#42335795)

What's the matter, your ass hurt?

Ironically good news for factory windows installs (4, Funny)

WWJohnBrowningDo (2792397) | about 2 years ago | (#42330617)

wiping data from partitions D through I

Thank God I hid all my porn on C drive!

Ahhh (5, Funny)

stackOVFL (1791898) | about 2 years ago | (#42330677)

The old drone shaped USB drive trick always works!

Re:Ahhh (1)

mjwx (966435) | about 2 years ago | (#42333495)

The old drone shaped USB drive trick

That's the third time I've fallen for that this week.

Next news articles: (-1)

Anonymous Coward | about 2 years ago | (#42330697)

1. Iran realizes all these viruses are made for Windows.
2. Iran switches operations to Linux to evade these viruses.
3. US spies learn this and report back that Iran is using Linux.
4. OMG OHNOEZ TEH LINUX IS TEH ENEMIES OF FREEEEEEDOMZ AND DIMMOCRASY ARREST THE TERRYRISTS USING ALL THE LINUXES!!!

Re:Next news articles: (0)

Anonymous Coward | about 2 years ago | (#42330863)

Or the US just writes new viruses that take advantage of Linux/Linux application's vulnerabilities. Hackers' lack of interest won't save you now.

Re:Next news articles: (-1)

Anonymous Coward | about 2 years ago | (#42330901)

Or the US just writes new viruses that take advantage of Linux/Linux application's vulnerabilities. Hackers' lack of interest won't save you now.

You're implying the US has the drive or wherewithal to learn a new OS in that matter, rather than take the lazy, more controlling option of scare tactics to terrorize everyone into agreeing with them for easier results? Wow. There's apparently been a major shift in Slashdot recently if the general faith in the US's talents has been restored. Go USA!

Re:Next news articles: (3, Insightful)

Desler (1608317) | about 2 years ago | (#42330971)

The US Government is full of Linux and Unix machines. You're a moron.

Re:Next news articles: (-1)

Anonymous Coward | about 2 years ago | (#42331107)

The US Government is full of Linux and Unix machines. You're a moron.

The US Government is also full of shoes, and it's been full of shoes for one hell of a lot longer than it's been full of Linux and Unix machines. Yet all it took was one dipshit trying (and failing!) to blow up a plane with them, and now we've got another step in the already-ludicrous TSA line in any airport in the country (and any airport flying into the country). Are you trying to tell me that US enforcement of paranoia and protection is so utterly and miserably inconsistent such that all footwear is now subject to government scrutiny and suspicion due to the actions of one terrorist, yet we're going to give a free pass to an OS used by a nation of terrorists?

Re:Next news articles: (1)

Desler (1608317) | about 2 years ago | (#42331121)

yet we're going to give a free pass to an OS used by a nation of terrorists?

Yes. Now stop being an idiot.

Re:Next news articles: (1)

AvitarX (172628) | about 2 years ago | (#42332471)

Not really.

I can completely see Linux going on a DHS list similar to: http://publicintelligence.net/dhs-fbi-suspicious-hotel-guests/ [publicintelligence.net]

Most (10 of 19) of those apply to me for work (and some for vacation). I can't possibly be that unique of a business traveler (I imagine a large percentage of the people I work with are similar).

And yes, if seeing Linux when checking my laptop at security (it's been a while since I've been somewhere that required me to turn it on though) raised suspicion, I'd be on that list too.

Re:Next news articles: (0)

Anonymous Coward | about 2 years ago | (#42331509)

No they really don't.

Re:Next news articles: (1)

Desler (1608317) | about 2 years ago | (#42331979)

Then you've never worked in the DoD.

Re:Linux server - Windows client - Mapped drive (3, Interesting)

Technician (215283) | about 2 years ago | (#42332093)

And many of the Linux server boxes are mapped by Windows clients as say P:. A Windows user infected with write privileges can wipe the share drive. Wiping share drives seems to be the goal.

P is not in the range of D through I (0)

Anonymous Coward | about 2 years ago | (#42344353)

a b c d e f g, h i j k lmnop

Re:Next news articles: (0)

Anonymous Coward | about 2 years ago | (#42331101)

We're not talking about what figureheads and regulators push on public agencies and office drones, we're talking about the IC. The government, and particularly the agencies that engage in things like offensive cyber attacks and malware creation, uses plenty of *nix systems. If you can create something like Stuxnet, you can rewrite a basic data-wiping program for a different OS - especially if that OS is usually run without any antivirus software that might actually catch that program.

Re:Next news articles: (3, Insightful)

gl4ss (559668) | about 2 years ago | (#42331535)

they just outsource it(malware creation) anyways. to the same guys who tell them that it's a good idea to dump money on buying that service. it's a good business plan.

of course though, linux installations rarely autostart something on a drive found on the street and so forth.. but they're targeting windows because their scada etc systems run windows. and yeah it would be much harder to target a random linux or bsd version. but they're not going to run it on random linux or bsd as long as their industrial control sw is controlled from windows applications.

they could of course write their own industrial control sw. why they don't is a mystery, since it's the only sensible choice if you're building something you're dumping tens of thousands of manpower on.

Re:Next news articles: (0)

Anonymous Coward | about 2 years ago | (#42331859)

I am about to attack Iran's Linux computers. I need a little help, though, with the documentation. Could someone please translate this into Persian for me?

After downloading your malware, go to your download directory and type "chmod +x malware.sh". To use this malware to its full capabilities, remember to type "sudo ./malware.sh" and then type your password carefully (case matters!). Failure to follow these directions will result in the malware either failing to run, or not having write access to your partitions. People who try to use this malware without following the directions, will be mocked hatefully when they ask for help. So follow the directions, dimwit!

Re:Next news articles: (2)

Desler (1608317) | about 2 years ago | (#42330965)

No, they'll just start writing more Linux trojans. [eweek.com]

Re:Next news articles: (1)

Anonymous Coward | about 2 years ago | (#42332097)

That was a result of a compromised login/password, not a trojan.

Re:Next news articles: (0)

Desler (1608317) | about 2 years ago | (#42332993)

Yes, it was due to a Trojan.

Linux Organization officials discovered on Aug. 28 that attackers had installed a Trojan and opened a backdoor into kernel.org servers on Aug. 12

Fail.

Re:Next news articles: (1)

Anonymous Coward | about 2 years ago | (#42334885)

Please ask yourself the question "how did they gain access to the servers?". Then please read the article again. Then ask yourself again "how did they gain access to the servers?".

Then realize that the article doesn't specify how initial access was gained. Finally, please come back here and apologize for your failure.

Re:Next news articles: (1)

Desler (1608317) | about 2 years ago | (#42337613)

They got a trojan installed and opened a backdoor.

Re:Next news articles: (4, Funny)

nospam007 (722110) | about 2 years ago | (#42330989)

" Iran switches operations to Linux to evade these viruses."

You mean 2013 is the year of Linux on Iranian desktops?

Re:Next news articles: (0)

Razgorov Prikazka (1699498) | about 2 years ago | (#42331425)

I thought we all agreed that any predictions after 21 December 2012 were futile?
Don't you know? We got a beowulf cluster of Mayans with frikkin lasers on their heads (bought with bitcoins, operated by RaspPi's) is hurtling our way to destroy us all...
Wait...
Wait...
Just a second...
YUP!!! ...I think I covered it all now...

Re:Next news articles: (1)

Eric S. Smith (162) | about 2 years ago | (#42332517)

Netcraft confirms it.

Re:Next news articles: (1)

couchslug (175151) | about 2 years ago | (#42333087)

"You mean 2013 is the year of Linux on Iranian desktops?"

Jihadix? MullahTux?

Re:Next news articles: (0)

Anonymous Coward | about 2 years ago | (#42335065)

"Jihadix?"

No, that's the Muslim friend of Asterix and Obelix.

Re:Next news articles: (1)

filmorris (2466940) | about 2 years ago | (#42335127)

Wish I had mod points.

Re:Next news articles: (1)

kelemvor4 (1980226) | about 2 years ago | (#42331305)

1. Iran realizes all these viruses are made for Windows. 2. Iran switches operations to Linux to evade these viruses. 3. US spies learn this and report back that Iran is using Linux. 4. OMG OHNOEZ TEH LINUX IS TEH ENEMIES OF FREEEEEEDOMZ AND DIMMOCRASY ARREST THE TERRYRISTS USING ALL THE LINUXES!!!

5. Iran realizes all their software is made for windows and won't run on Linux. 6. Iran switches back.

Re:Next news articles: (1)

lister king of smeg (2481612) | about 2 years ago | (#42333347)

yes because no one in iran could possibly write new software

Re:Next news articles: (0)

Anonymous Coward | about 2 years ago | (#42336013)

It's easier to buy stuff than build your own... Esp when you have lots of oil money to throw at it...

Re:Next news articles: (1)

kyrsjo (2420192) | about 2 years ago | (#42336417)

... and especially when you can just pirate it.

Re:Next news articles: (1)

drkim (1559875) | about 2 years ago | (#42331875)

1. Iran realizes all these viruses are made for Windows.
2. Iran switches operations to Linux to evade these viruses.
3. US spies learn this and report back that Iran is using Linux.
4. OMG OHNOEZ TEH LINUX IS TEH ENEMIES OF FREEEEEEDOMZ AND DIMMOCRASY ARREST THE TERRYRISTS USING ALL THE LINUXES!!!

5. Iran switches to Apples 'iNuke' app.

All the jokes aside... (3, Insightful)

TWX (665546) | about 2 years ago | (#42330715)

...it's fairly clever to target partitions that aren't the OS partition. I didn't read the article, but if it's targeting all entries mapped on D:-I: then that could be network shares, flash memory, external hard disks, internal extra hard disks, and possibly even files awaiting burn to disc, and with the OS left untouched would not raise suspicion as quickly.

Re:All the jokes aside... (0)

Anonymous Coward | about 2 years ago | (#42330751)

I seriously doubt it can "wipe" a network share via UNC path. Maybe del *.*, but that will be bound by NTFS permissions.

Re:All the jokes aside... (0)

Anonymous Coward | about 2 years ago | (#42330821)

Indeed... and you know how lazy Windows admins are. I'm sure everyone is running with Domain Admin privileges.

Re:All the jokes aside... (0)

Anonymous Coward | about 2 years ago | (#42333891)

I'm sure everyone is running with Domain Admin privileges.

Ehh, it's easier that way.

Re:All the jokes aside... (3, Interesting)

khasim (1285) | about 2 years ago | (#42330895)

A better attack would be to randomly change a few numbers on whatever spreadsheets can be written to. Then make sure to set the "last updated" date time back to the original.

It will take a few months longer for real damage to be noticed but by that time it will be too widespread and have infected too many spreadsheets.

If it is even noticed as a "virus".

Re:All the jokes aside... (5, Funny)

oodaloop (1229816) | about 2 years ago | (#42331193)

Why don't you just let people fuck up their own spreadsheets the old fashioned way - through stupidity and laziness? Why does every task need to be automated?

Re:All the jokes aside... (2)

Provocateur (133110) | about 2 years ago | (#42332275)

through stupidity and laziness

You left out VBscript.

Oh, wait...

Re:All the jokes aside... (4, Interesting)

BeerCat (685972) | about 2 years ago | (#42331407)

Indeed - I remember nearly 20 years ago the categories of damage that a computer virus could do:

Wiping the hard disk = "Minor" (if you have a backup, then recover from the backup)

Random bit swaps in data files = "Catastrophic" (undetected for long enough that even on a long backup cycle, they are all infected. Worse than that, subtly corrupted files are far harder to correct than merely deleted ones)
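khasim's and BeerCat's comments above describe damage that hides by leaving timestamps untouched and outliving the backup cycle. One defensive counter is a content-hash baseline that does not trust modification times; the Python sketch below is an added example, not something posted in the thread, and its file names and contents are constructed.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map relative path -> (sha256 hex digest, size, mtime in ns)."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(path, "rb") as f:
                for chunk in iter(lambda: f.read(1 << 20), b""):
                    digest.update(chunk)
            st = os.stat(path)
            rel = os.path.relpath(path, root)
            manifest[rel] = (digest.hexdigest(), st.st_size, st.st_mtime_ns)
    return manifest


def compare(old, new):
    """Return sorted (path, finding) pairs between two snapshots."""
    findings = []
    for path in sorted(old.keys() | new.keys()):
        if path not in new:
            findings.append((path, "missing"))
        elif path not in old:
            findings.append((path, "new"))
        else:
            (hash0, _size0, mtime0), (hash1, _size1, mtime1) = old[path], new[path]
            if hash0 == hash1:
                continue
            # Content differs. If the timestamp claims nothing happened,
            # an mtime-based backup or sync tool would have missed it.
            kind = "silent-change" if mtime0 == mtime1 else "modified"
            findings.append((path, kind))
    return findings


def demo_integrity():
    """Constructed scenario: one silent edit, one ordinary edit, one deletion."""
    files = {
        "ledger.csv": b"item,qty\nbolts,120\n",
        "notes.txt": b"draft\n",
        "report.csv": b"q1,100\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in files.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        baseline = snapshot(root)

        # Same-length content change with the original timestamps restored.
        ledger = os.path.join(root, "ledger.csv")
        st = os.stat(ledger)
        with open(ledger, "wb") as f:
            f.write(b"item,qty\nbolts,170\n")
        os.utime(ledger, ns=(st.st_atime_ns, st.st_mtime_ns))

        # Ordinary edit; mtime is pushed forward explicitly so the result
        # does not depend on the filesystem's timestamp granularity.
        notes = os.path.join(root, "notes.txt")
        with open(notes, "ab") as f:
            f.write(b"more\n")
        later = baseline["notes.txt"][2] + 60 * 10**9
        os.utime(notes, ns=(later, later))

        os.remove(os.path.join(root, "report.csv"))
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for path, finding in demo_integrity():
        print(f"{finding:14} {path}")
```

The baseline is only useful if it is stored somewhere the monitored machine cannot write to, and kept longer than the backup rotation.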

Re:All the jokes aside... (0)

Anonymous Coward | about 2 years ago | (#42331947)

Maybe this is being done and Iran hasn't discovered it yet!

Re:All the jokes aside... (0)

Anonymous Coward | about 2 years ago | (#42331527)

There was at least one macro virus that did exactly that.

Re:All the jokes aside... (1)

grep -v '.*' * (780312) | about 2 years ago | (#42339621)

A better attack would be to randomly change a few numbers on whatever spreadsheets can be written to. Then make sure to set the "last updated" date time back to the original.

Reminds me of an old dBase virus under MS-DOS. If you got it, it would slowly (over many months) corrupt the data in your files while keeping a hidden list of changes. As you read a corrupted record, it would temporarily repair it so everything seemed A-OK.

Then one fine day it would commit suicide taking its delta with it, leaving you the corrupted file and months of corrupted backups.

First one like that I had seen; I thought it was ingenious.

Re:All the jokes aside... (1)

richlv (778496) | about 2 years ago | (#42333459)

well, one joke still stands. what the fuck are "partitions D through I" ?
none of the partition table i can set up seems to use anything like that...

yeah, yeah, i'm complaining about an extremely low level of quality of a slashdot article. and no, original source being crap in that area is no excuse :)

Re:All the jokes aside... (1)

Unequivocal (155957) | about 2 years ago | (#42340147)

Lost in the operator game.. The original article [securelist.com] talks about *drives* D through I on a Windows machine. Some idiot (appears to be Michael Mimoso) decided that "partition" is a more pro-sounding synonym for "drive" and started using both interchangeably in the article from OP. So we are all left scratching our heads. The point I think is that the thing tries to destroy data on network and attached storage devices, rather than wiping C drive which would give itself away much more quickly..

Just a test (1)

Anonymous Coward | about 2 years ago | (#42330799)

Well it seems like Iran has become the testing ground for the new weaponized computer arms race.

I can't say this is a bad thing (-1, Flamebait)

eld101 (1566533) | about 2 years ago | (#42330967)

I can't say this is a bad thing... Hopefully it eats their backups too.

Internet is the best catalyst for democracy (2, Interesting)

jopsen (885607) | about 2 years ago | (#42331579)

I can't say this is a bad thing... Hopefully it eats their backups too.

Why isn't this bad?
What possible good can come from attacking innocent people?

While we have no way of knowing who is behind these attacks... With the increase in attacks, targeting and seriousness of the recent attacks we've seen, one could fear that this is state sponsored terrorism. In which case I suppose it wouldn't be unreasonable to suspect that Israel and maybe the US could be involved.
Any way you put it, this isn't openly declared and honest warfare, it's more like terrorism (with no regards for collateral damage).

Personally, I don't think it's suitable for democracies to conduct secret attacks on anybody. I'm confident my country doesn't do it, but well aware that our allies, such as the US, have a long reputation of such hostilities... And I suppose sometimes it can be justified, but is it really necessary these days, the cold war is over.

At the end of the day, it all comes down to the following question:
What possible hope is there of peaceful development, democracy, arab spring and political improvement in Iran if they truly are under attack?
If anything, this will make Iranians more disconnected from independent media, less able to organize and help the authorities convince the people that everybody wants to harm Iran.
Think we can all agree that internet and information technology is the best catalyst for democracy.

Re:Internet is the best catalyst for democracy (2)

fnj (64210) | about 2 years ago | (#42332873)

ARAB spring in a PERSIAN nation? I'll assume you're kidding because the alternative is you're ignorant.

Also I think that as TERRORISM nuisance hacks against computers is seriously devaluing the term. I seriously doubt anybody in Iran is TERRIFIED of this nuisance.

Re:Internet is the best catalyst for democracy (1)

jopsen (885607) | about 2 years ago | (#42336303)

ARAB spring in a PERSIAN nation? I'll assume you're kidding because the alternative is you're ignorant.

That's quite possible, I don't claim to be a middle east expert.
And yes, you're probably right, calling hacks for terrorism might be more of a stretch than what is good :)
(Sorry about that)

Nevertheless, I maintain that if you want to resolve conflicts by force, then at the very least you ought to have the decency and integrity to be honest about it.

Re:Internet is the best catalyst for democracy (-1)

Anonymous Coward | about 2 years ago | (#42333097)

No, having half an internet controlled by the state is worse than none at all. Nothing is worse for democracy in a place like Iran than allowing the populace to become apathetic because their government is not constantly grinding them underfoot. The best thing we could do is keep up the pressure as high as possible. Make the iranian government constantly crack down restrict and otherwise piss off its people, that way they have a reason to fight. Keep up the good work state sponsored cyber warfare!!

Re:Internet is the best catalyst for democracy (1)

jopsen (885607) | about 2 years ago | (#42336331)

Make the iranian government constantly crack down restrict and otherwise piss off its people, that way they have a reason to fight.

But who will they fight? I believe history has shown that when you attack a country it only brings them closer together.

Keep up the good work state sponsored cyber warfare!!

I wonder how skynet started...

Re:Internet is the best catalyst for democracy (1)

cpghost (719344) | about 2 years ago | (#42335691)

What possible hope is there of peaceful development, democracy, arab spring and political improvement in Iran if they truly are under attack?

What makes you think that the so called "arab spring" which is really an "islamist winter" is about democracy? But save for that, you're right: Iran's society is undergoing a big transformation right now, and if attacked, that would slow down the inevitable downfall of their clerical system... which would be sad.

bat2exe ? (1)

zacherynuk (2782105) | about 2 years ago | (#42330993)

I've never written a batch file over 64k before to warrant such extravagant conversion (Unless you count the REMs)

Kudos.

Iran has a CERT? (4, Funny)

Gothmolly (148874) | about 2 years ago | (#42331083)

Why do I picture a guy frantically photoshopping Windows Explorer screenshots to show that there's still data on the D drive?

Re:Iran has a CERT? (0)

volxdragon (1297215) | about 2 years ago | (#42332711)

Thanks! I now have beer all over my desk.... Oh to still have mod points...

So in response Iran creates its own internet and.. (-1, Troll)

3seas (184403) | about 2 years ago | (#42331513)

none of the rest of the world has access.

This way the rest of the world can be fooled to think Iran is evil. You know no outside communication to prove otherwise.

You call it malware (2, Interesting)

WillAffleckUW (858324) | about 2 years ago | (#42331793)

You call it malware.

I call it a black ops program using my US tax dollars to attack Iran's nuclear weapons program.

Potato. Tater.

Same diff.

Re:You call it malware (1)

pclminion (145572) | about 2 years ago | (#42332217)

A government funded cyber campaign based on BAT2EXE and 16-bit code? Which doesn't even work effectively? If your goal is actually to destroy files, and you are a nation state, then you understand that simply deleting the files using the "del" command is not actually going to destroy any data. (I have no evidence that "del" was used, but hey, they ain't releasing the binary for me to analyze.)

If this was perpetrated by a nation state, then it must be meant as some kind of weird psy-op to confuse the shit out of people. I think chances are better that it was written by an idiot.

Re:You call it malware (1)

WillAffleckUW (858324) | about 2 years ago | (#42332423)

Unless it was a delivery vehicle that destroyed its traces.

I used to write those back in the 80s. One code to deliver. One code to clean up. Then it looks like it was only the latter.

Re:You call it malware (0)

Anonymous Coward | about 2 years ago | (#42332475)

I think chances are better that it was written by an idiot.

So yeah, American or Israeli government obviously.

Re:You call it malware (1)

Jeremi (14640) | about 2 years ago | (#42332915)

I call it a black ops program using my US tax dollars to attack Iran's nuclear weapons program.

If you want, but when something wipes out all the files on your computer, be sure to refer to it as "someone attacking the USA's nuclear weapons program". Sauce for the gander and all that.

Serves them right (0)

Anonymous Coward | about 2 years ago | (#42331831)

Should have stored their files on the SkyDrive. How could that possibly be compromised, I mean it's in a freaking cloud!

Your theory on the running of chkdsk. (0)

Anonymous Coward | about 2 years ago | (#42331857)

After trying to delete all the files on a particular partition the malware runs chkdsk on said partition. I assume the attacker is trying to make the loss of all files look like a software or hardware failure.

If you reorganize the disk after the delete, things like File Recovery Pro do not bring the data back. A simple delete can be easily reversed with many over the counter tools if the area of the disk has not been written to.

Re:Your theory on the running of chkdsk. (0)

Anonymous Coward | about 2 years ago | (#42344331)

Right, everyone knows that you run defrag or chkdsk if you've deleted files that you don't want undelete to find. Makes me wonder about the credentials of "Roel, Kaspersky Lab Expert".

BAT2EXE?? (1)

EvilSS (557649) | about 2 years ago | (#42332053)

So it was written by a tween? From 1989?

Re:BAT2EXE?? (1)

gandhi_2 (1108023) | about 2 years ago | (#42334201)

Ahh yes.

I remember a semi-nude Vanna White .gif file, gif2exe, and a jr high school labs shared autoexec.bat file....

Those were the days. In full dithered, grainy awesomeness.

Iran is paranoid (3, Insightful)

Anonymous Coward | about 2 years ago | (#42332065)

Sophos covered this on their Naked Security blog today. Iran is going off the deep end with this one. The attack could have been written by a 5th grader and contains nothing that is targeted at Iran. Sophos noted that it is amateur compared to Stuxnet, Flame, and the other one widely considered to be written with Iran specifically in mind. Apparently it was a slow day at Iran's CERT.

Re:Iran is paranoid (1)

lister king of smeg (2481612) | about 2 years ago | (#42333473)

if it is confined to iran it sounds to me like a domestic attacker, seeing how much hell he can cause while only hitting 32(or 16bit but if their nuclear program is running on 16bit windows i truly pity them as the latest they could have would be what 98SE?) bit targets

Iran's computer emergency response team? (-1)

Anonymous Coward | about 2 years ago | (#42332195)

How do you say Geek Squad in Farsi?

Re:Iran's computer emergency response team? (1)

couchslug (175151) | about 2 years ago | (#42333103)

"How do you say Geek Squad in Farsi?"

Let's send them Geek Squad personnel to help.
As if installing the Pahlevis wasn't enough of an insult...

I'm safe (0)

Anonymous Coward | about 2 years ago | (#42333885)

Lucky i keep all my data on drive A and B.
Excuse me while i change disks.
