Iranian computers under attack by ‘Batchwiper’ malware

A new malware with the ability to delete entire partitions of hard drives, including all files stored within them, has been discovered by Iranian authorities, according to an alert issued on Sunday by the Iranian Computer Emergency Response Team Co-ordination Center (CERTCC).

The CERTCC alert reports that the malware – appropriately named “Batchwiper” – can wipe any and all drive partitions that start with the letters D through I. Additionally, Batchwiper will erase files stored on the desktop of the active user at the time the malware activates. The malware’s name derives from its method of delivery, with the malware apparently contained in a batch file. According to a blog post from anti-malware experts Kaspersky Lab, Batchwiper “is an extremely simplistic attack,” which checks the current date against a number of pre-defined dates. “If the date matches,” Kaspersky Lab’s Roel explained, “it will wait for 50 minutes and then try to delete all files from drive D through I.”

The dates discovered run in intervals from December 10, 2012 through February 4, 2015 (there are four date ranges in 2013, three in 2014, and one each in 2012 and 2015). “Clearly, the attacker was trying to think ahead,” Roel notes. “After trying to delete all the files on a particular partition the malware runs [check disk] on said partition. I assume the attacker is trying to make the loss of all files look like a software or hardware failure.”
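The check-disk behaviour Roel describes leaves a pattern a defender can hunt for in process-creation logs. The sketch below is an added example, not code from Kaspersky Lab, CERTCC or the article: it flags hosts where a batch interpreter launched chkdsk against several partitions in the D through I range within a short window. The event tuples, host names, command-line form, window and threshold are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed process-creation events: (timestamp, host, parent image, command line).
# Hosts, times and command lines are invented for this example.
SAMPLE_EVENTS = [
    ("2013-03-05 09:50:02", "ws-01", "cmd.exe", "chkdsk D:"),
    ("2013-03-05 09:50:40", "ws-01", "cmd.exe", "chkdsk E:"),
    ("2013-03-05 09:51:15", "ws-01", "cmd.exe", "chkdsk F:"),
    ("2013-03-05 10:05:00", "ws-02", "explorer.exe", "chkdsk D:"),  # user-launched
    ("2013-03-05 11:00:00", "ws-03", "cmd.exe", "chkdsk C: /f"),    # outside D..I
    ("2013-03-05 14:00:00", "ws-03", "cmd.exe", "chkdsk D:"),       # single drive
]

# Only partitions D through I, the range named in the CERTCC alert.
CHKDSK = re.compile(r"^\s*chkdsk(?:\.exe)?\s+([d-i]):", re.IGNORECASE)
SCRIPT_PARENTS = {"cmd.exe"}  # assumption: batch files execute under cmd.exe


def find_chkdsk_sweeps(events, window=timedelta(minutes=10), min_drives=3):
    """Return {host: sorted drive letters} for hosts where a script-spawned
    chkdsk touched at least min_drives distinct partitions within window."""
    per_host = defaultdict(list)
    for ts, host, parent, cmdline in events:
        match = CHKDSK.match(cmdline)
        if match and parent.lower() in SCRIPT_PARENTS:
            when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
            per_host[host].append((when, match.group(1).upper()))

    alerts = {}
    for host, hits in per_host.items():
        hits.sort()
        # Slide a window forward from each hit and count distinct drives.
        for i, (start, _) in enumerate(hits):
            drives = {d for t, d in hits[i:] if t - start <= window}
            if len(drives) >= min_drives:
                alerts[host] = sorted(drives)
                break
    return alerts


if __name__ == "__main__":
    print(find_chkdsk_sweeps(SAMPLE_EVENTS))
```

Because wiping a large partition can take longer than the default window, tune `window` and `min_drives` against your own baseline of legitimate disk checks.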

Batchwiper also has the ability to disguise itself from antivirus software. “Despite its simplicity in design, the malware is efficient and can wipe disk partitions and user profile directories without being recognized by antivirus,” the Iranian CERTCC alert comments.

The CERTCC described the spread of Batchwiper as a targeted attack, but also noted that the “attack” has a rather limited reach. “It is not considered to be widely distributed,” the alert said, adding that the malware “is simple in design and it is not any similarity to the other sophisticated targeted attacks.”

Batchwiper apparently arrives via a file with the name GrooveMonitor.exe, which includes three other files (“SLEEP.EXE,” “jucheck.exe” and “juboot.exe”) once extracted. GrooveMonitor, however, is a difficult identifier to watch out for, as it is a name more commonly associated with a (real) Microsoft Office 2007 document collaboration feature called Microsoft Office Groove. Beyond that, however, CERTCC remains uncertain as to how the malware is being shared or the nature of its origins.

Kaspersky Lab seems equally in the dark, noting that there doesn’t appear to be any connection between the malware and previous, similar, wiper attacks such as Flame. The Lab does, however, back up the notion of it being a targeted attack on Iranian systems, pointing out that “we also don’t have any reports of this malware from the wild.”


[Image credit: Kheng Guan Toh/Shutterstock]

