The Iranian Computer Emergency Response Team, or CERT, has released information on the latest piece of what seems to be espionage-level malware in the country. Capable of wiping available partitions on a hard drive in addition to the desktop items of the currently logged-in user, ‘Batchwiper’ isn’t exactly a complicated piece of malware by any means. However, according to reports, its developers built in routines that run its data wipes on the twelfth of every month.
What to keep in mind: Batchwiper disguises itself as GrooveMonitor.exe and extracts the following files:
%SYSTEMROOT%\system32\SLEEP.EXE, jucheck.exe & juboot.exe.
* For those not entirely computer savvy: jucheck.exe and GrooveMonitor.exe are the names of legitimate files; however, the directory in which they are located on your system will tell you whether the file is malicious or not.
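The directory check described above, sketched as an added example that is not part of the original article: it sorts a file listing into paths that sit where the legitimate program normally installs and paths that need a closer look. The expected install directories are assumptions based on default Java Update and Office 2007 installs, and `classify` and `triage` are hypothetical names.

```python
import ntpath

# File names come from the article. Expected directories are assumptions based
# on default Java Update and Office 2007 installs; adjust for your environment.
EXPECTED_DIRS = {
    "jucheck.exe": [r"\program files\common files\java\java update",
                    r"\program files (x86)\common files\java\java update"],
    "groovemonitor.exe": [r"\program files\microsoft office\office12",
                          r"\program files (x86)\microsoft office\office12"],
}
# Names the article lists only as files the malware extracts.
DROPPED_ONLY = {"juboot.exe", "sleep.exe"}


def classify(path):
    """Return 'expected', 'review' or 'ignore' for one Windows path."""
    directory, name = ntpath.split(ntpath.normpath(path))
    name = name.lower()
    # Drop the drive letter so C:\ and D:\ installs compare equal.
    directory = ntpath.splitdrive(directory)[1].lower().rstrip("\\")
    if name in DROPPED_ONLY:
        return "review"
    if name in EXPECTED_DIRS:
        return "expected" if directory in EXPECTED_DIRS[name] else "review"
    return "ignore"


def triage(listing):
    """Return the paths from a file listing that need a closer look."""
    return [p for p in listing if classify(p) == "review"]


# Constructed sample listing (e.g. output of `dir /s /b`), not real telemetry.
SAMPLE = [
    r"C:\Program Files\Common Files\Java\Java Update\jucheck.exe",
    r"C:\Windows\System32\jucheck.exe",
    r"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe",
    r"C:\Users\alice\AppData\Roaming\GrooveMonitor.exe",
    r"C:\Windows\System32\SLEEP.EXE",
    r"C:\Windows\System32\notepad.exe",
]

if __name__ == "__main__":
    for p in triage(SAMPLE):
        print("review:", p)
```

A "review" result means only that the location does not match the expected install path; confirm with a signature or hash check before acting on it.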
Batchwiper is believed to be a targeted attack, so chances are you may not come across this bug. However, should you, you’re going to lose a lot of information. Better to be safe than sorry, so remember to always back up.
News of this threat follows the recent accusations that Iran has been directing at both Israel and the United States regarding the Flame and Stuxnet attacks. Fear of an Islamic nuclear weapons program is cited as the motivation for these attacks.