Iran hit by new data-wiping cyberattack

'GrooveMonitor' less sophisticated but "targeted"

Iran's national CERT has warned of a new type of data-wiping malware that bears some of the hallmarks of a cyberattack that severely disrupted the country's oil industry earlier this year.

The exact nature of the latest attack is hard to gauge from the brief description offered by the Maher Computer Emergency Response Team.

The agency's report describes a piece of malware that is not as sophisticated as April's example - the latter analysed by one security vendor as having a connection to anti-Iranian cyberwarfare - and not widely distributed.

Nevertheless, the agency went on to describe it as a "targeted" (i.e. at Iran) attack. "Despite its simplicity in design, the malware is efficient and can wipe disk partitions and user profile directories without being recognized by anti-virus software," reads Maher's report.

The report then lists a number of malware components, which offer little clue as to the malware's origins.

Sophisticated or not, malware attacks that appear on Iranian radar for long enough to be reported are rarely a coincidence.

Only weeks ago, Symantec reported on a new piece of malware, W32.Narilam, that appeared to be targeting SQL databases in the country in a year that has revealed a number of mysterious cyber-campaigns.

Update: Kaspersky Lab now detects this attack as Trojan.Win32.Maya.a, describing it as a simplistic attack based on running destructive batch files.
