Data wiper malware targets Iranian computers
Iran's Maher Computer Emergency Response Team Coordination Center has issued a warning about new malware that deletes entire partitions from infected computers. Though the Trojan.Batchwiper malware was billed as unsophisticated, the Maher Center warns that it is "efficient" and can successfully wipe disk partitions and user profile directories without being recognized by antivirus software.
In a blog entry, Symantec writes that Batchwiper "will wipe any drives starting with the drive letters D through I, along with files on the currently logged-in user's Desktop." According to the security vendor, the malware is coded to only wipe drives on predefined dates, presumably so that the malware will be able to spread. The next data wipe is scheduled on the January 21, 2013.
Though detected in Iran, Batchwiper is not thought to be related to recent infamous malware, such as Stuxnet, that was believed to be a targeted cyber weapon. However, Kaspersky Lab says it hasn't had any reports of this malware from the wild, a possible sign that this is another targeted attack against Iran.
While common in the past, malware that erases data has since taken a backseat to spyware and ransomware. Thankfully, organizations that have proper backup regimens should not be adversely affected by Batchwiper or similar malware, should it spread beyond Iran.