Targeted data-wiping malware has been discovered by the Iran National CERT, or Maher. The malware, referred to as Batchwiper by Cupertino, Calif.-based security vendor Symantec Corp., wipes files on different drives at predefined times.
Researchers say the design is primitive but the malware is efficient. Batchwiper can wipe disk partitions and user profile directories without being recognized by anti-virus software. It is not widely distributed.
Symantec has recovered samples of the Trojan matching the hashes in the Maher advisory. According to Symantec, the samples will wipe any drives starting with the drive letters D through I, along with files on a logged-in user’s Desktop. Symantec researchers are continuing to analyze the binaries.
Targeted malware attacks have been on the rise in recent years. Batchwiper, however, shows no similarities to more sophisticated targeted attacks like Stuxnet, Flame or Gauss. Experts say companies need to make malware defense a top priority. Steps IT teams can take to protect their companies against malware include offline malware and threat detection, whitelisting, and browser security.