icon bookmark-bicon bookmarkicon cameraicon checkicon chevron downicon chevron lefticon chevron righticon chevron upicon closeicon v-compressicon downloadicon editicon v-expandicon fbicon fileicon filtericon flag ruicon full chevron downicon full chevron lefticon full chevron righticon full chevron upicon gpicon insicon mailicon moveicon-musicicon mutedicon nomutedicon okicon v-pauseicon v-playicon searchicon shareicon sign inicon sign upicon stepbackicon stepforicon swipe downicon tagicon tagsicon tgicon trashicon twicon vkicon yticon wticon fm

New wiper virus targets Iranian computers

New wiper virus targets Iranian computers
Iran has been subjected to another attack by a virus capable of wiping the data on infected PCs. Antivirus experts suggest the virus has been active for at least two months and expect the next attack to take place during January, 2013.

Iran's Maher Computer Emergency Response Team Coordination Center has issued a warning, cautioning that the new malware continuously erases data from the hard disk drives, despite the simplicity of design and functionality, as it slips into the PC without being detected by the antivirus and anti-malware programs. The Maher Center said the malware's installer, also known as the dropper, is called GrooveMonitor.exe, believed to be named that way as a disguise associated with a legitimate Microsoft Office 2007 document feature called Microsoft Office Groove.Dubbed the Batchwiper, the virus erases drive partitions starting with the letters D through I on Windows operating system, in addition to files stored on the user’s desktop.The new found threat starts its destruction activities on certain dates, the next one being January 21, 2013. Experts from Symantec suggest that the virus has been active for the last two months as dates going back to October 12 were discovered in the malware's configuration.It's not yet apparent who and how it is distributing the malware. However security companies agree it could be using several ways of infiltration, ranging from email attachments, USB drives, some other malware already running on computers, or an internal actor uploading it to network shares, AlienVault Labs manager Jaime Blasco told computerworld.com via email.“There's no connection to any of the previous wiper-like attacks we've seen,” Roel Schouwenberg, a senior researcher at Kaspersky Lab, wrote in a blog. “We also don't have any reports of this malware from the wild.”The revelation comes on the heels of the “Flame”, an espionage malware reportedly designed by the US and Israel to spy on Iran. In May this year it was announced that one of the world’s most powerful data-snatching virus targeting computers in Iran, Israel and other Middle Eastern countries had been discovered by Russian experts. The worm had allegedly been used for years in what seems to be state-sponsored cyber espionage.In June 2012 the New York Times reported that President Obama had ordered the cyber-attack on Iranian nuclear enrichment facilities.

Dear readers and commenters,

We have implemented a new engine for our comment section. We hope the transition goes smoothly for all of you. Unfortunately, the comments made before the change have been lost due to a technical problem. We are working on restoring them, and hoping to see you fill up the comment section with new ones. You should still be able to log in to comment using your social-media profiles, but if you signed up under an RT profile before, you are invited to create a new profile with the new commenting system.

Sorry for the inconvenience, and looking forward to your future comments,

RT Team.