Iran’s national CERT has warned of a new type of data-wiping malware that bears some of the hallmarks of a cyberattack that severely disrupted the country’s oil industry earlier this year. [2]
The exact nature of the latest attack is hard to gauge from the brief description offered by the Maher Computer Emergency Response Team.
The agency’s report describes a piece of malware that is not as sophisticated as April’s example (which one security vendor analysed as having a connection to anti-Iranian cyber warfare [3]) and is not widely distributed.
Nevertheless, the agency went on to describe it as a “targeted” (i.e. at Iran) attack. “Despite its simplicity in design, the malware is efficient and can wipe disk partitions and user profile directories without being recognised by anti-virus software,” reads Maher’s report.
A number of malware components are then listed which offer little clue as to its origins [4].
Sophisticated or not, malware attacks that appear on Iranian radar for long enough to be reported are rarely a coincidence.
Only weeks ago, Symantec reported on a new piece of malware, W32.Narilam, that appeared to be targeting SQL databases in the country in a year that has revealed a number of mysterious cyber-campaigns.
Kaspersky Lab now detects this attack as Trojan.Win32.Maya.a, describing it as a simplistic attack based on running destructive batch files.
Links:
[1] http://www.syndigate.info
[2] http://www.albawaba.com/business/iran-disconnects-crude-exports-422196
[3] http://www.albawaba.com/business/iran-cyber-attack-446567
[4] http://www.albawaba.com/business/iran-cyber-attack-445219
[5] http://www.computernewsme.com