Batchwiper malware, new virus targets Iranian computers


Iranian CERT is sounding the alarm over another bit of data-deleting malware it’s discovered on PCs in the country. Dubbed Batchwiper, the malware systematically wipes any drive partitions with the letters D through I, along with any files stored on the Windows desktop of the user who is logged in when it’s executed.
Why the name Batchwiper? The name was chosen because the malware is packed in a batch file.
The malware initiates its data wiping routine on certain dates, the next one being Jan. 21, 2013. However, the dates of Oct. 12, Nov. 12 and Dec. 12, 2012, were also found in the malware’s configuration, suggesting that it may have been in distribution for at least two months.
GrooveMonitor.exe is the original dropper, a self-extracting RAR file. Once executed, it extracts the following files:
— \WINDOWS\system32\SLEEP.EXE, md5: ea7ed6b50a9f7b31caeea372a327bd37

— \WINDOWS\system32\jucheck.exe, md5: c4cd216112cbc5b8c046934843c579f6

— \WINDOWS\system32\juboot.exe, md5: fa0b300e671f73b3b0f7f415ccbe9d41
Then juboot.exe is executed, which creates and executes the following batch file:
\Documents and Settings\%User%\Local Settings\Temp\1.tmp\juboot.bat
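
A triage check built from the indicators above, added here as an example and not taken from the CERT advisory or the original post. The function names (`scan`, `days_until_next_trigger`) and the choice of directories to pass in are assumptions; the file names, MD5 values and dates are the ones listed in this article.

```python
import hashlib
import os
from datetime import date

# Indicators as listed in the article: dropped file name -> MD5.
IOCS = {
    "sleep.exe": "ea7ed6b50a9f7b31caeea372a327bd37",
    "jucheck.exe": "c4cd216112cbc5b8c046934843c579f6",
    "juboot.exe": "fa0b300e671f73b3b0f7f415ccbe9d41",
}
# Named in the article without a hash: the dropper and the batch file.
NAME_ONLY = {"groovemonitor.exe", "juboot.bat"}
# Wipe dates found in the malware's configuration, per the article.
TRIGGER_DATES = [date(2012, 10, 12), date(2012, 11, 12),
                 date(2012, 12, 12), date(2013, 1, 21)]

def md5_of(path, chunk=1 << 20):
    """Stream the file so large binaries are not read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def scan(roots, iocs=IOCS, name_only=NAME_ONLY):
    """Return sorted (verdict, path) pairs: "hash-match" for a listed MD5 under
    any file name, "name-only" for a listed name with other content (review by
    hand: legitimate programs use some of these names too)."""
    known = {md5.lower() for md5 in iocs.values()}
    watched = set(iocs) | set(name_only)
    findings = []
    for root in roots:
        for folder, _dirs, files in os.walk(root):  # unreadable dirs are skipped
            for fname in files:
                path = os.path.join(folder, fname)
                try:
                    digest = md5_of(path)
                except OSError:
                    digest = None  # locked or unreadable: fall back to the name
                if digest in known:
                    findings.append(("hash-match", path))
                elif fname.lower() in watched:
                    findings.append(("name-only", path))
    return sorted(findings)

def days_until_next_trigger(today):
    """Days until the next listed wipe date, or None if all have passed."""
    upcoming = [d for d in TRIGGER_DATES if d >= today]
    return (min(upcoming) - today).days if upcoming else None
```

Pass `scan` the system32 directory and the user's Temp directory from the paths above; a "hash-match" under an unexpected file name is still a hit, because the comparison is on content.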
According to the Iranian CERT advisory, “However, it is not considered to be widely distributed. This targeted attack is simple in design and it does not have any similarity to the other sophisticated targeted attacks.”
In the past, Iran has accused the US and Israel of being behind the Flame attack as well as the Stuxnet virus. Such attacks are seen as an effort to cripple the Islamic Republic’s nuclear program, which Western countries fear is being used to make a bomb.