Endpoint Protection

 View Only
Back to Library

Trojan.Batchwiper Reported in Iran 

Dec 16, 2012 04:30 PM

On December 16, 2012, CERTCC-IR posted an advisory regarding a new threat, Trojan.Batchwiper, that wipes disks. We have recovered samples matching the hashes mentioned in their advisory and, based on preliminary analysis, can confirm their findings.

The samples are not sophisticated and will wipe any drives starting with the drive letters D through I, along with files on the currently logged-in user’s Desktop. After deletion, the threat will then run Chkdsk on the drives. The wiping will only occur on the following dates:

  • 12/10/2012
  • 12/11/2012
  • 12/12/2012
  • 01/21/2013
  • 01/22/2013
  • 01/23/2013
  • 05/06/2013
  • 05/07/2013
  • 05/08/2013
  • 07/22/2013
  • 07/23/2013
  • 07/24/2013
  • 11/11/2013
  • 11/12/2013
  • 11/13/2013
  • 02/03/2014
  • 02/04/2014
  • 02/05/2014
  • 05/05/2014
  • 05/06/2014
  • 05/07/2014
  • 08/11/2014
  • 08/12/2014
  • 08/13/2014
  • 02/02/2015
  • 02/03/2015
  • 02/04/2015

The threat has no visible connection to Stuxnet, Flamer, or Gauss based on preliminary analysis. Symantec is still conducting analysis of the binaries and will post updates, if necessary.

Update [December 17, 2012] – Added technical details for Trojan.Batchwiper

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Related Entries and Links

No Related Resource entered.