Wiper virus shows Duqu, Stuxnet similarities


More state-sponsored malware?

A computer virus that in April this year erased hard disks and shut down systems in an attack on Iran's Oil Ministry bears some resemblance to the nation-state sponsored Duqu and Stuxnet malware, according to anti-virus firm Kaspersky Labs.

On its SecureList blog, Kaspersky Labs noted that the Wiper virus used file names common to Duqu and Stuxnet, and speculated that due to this, the three destructive computer programs were related.

Stuxnet rose to infamy last year as it attacked Iran's nuclear fuel enrichment centrifuges. It was followed by the Duqu virus that also aimed to sabotage Iran's nuclear programme.

Although the actual provenance of the malware was yet to be fully ascertained, Kaspersky believed Stuxnet and Duqu to be the work of a government.

The International Telecommunications Union (ITU) asked Kaspersky Labs to analyse the Iranian attacks and work out the extent of the damage.

However, Kaspersky had not received any Wiper virus samples, and as the malware used an elaborate and effective technique to erase the hard drives on which it resided, "almost nothing was left" after its activation.

However, by sifting through the remains of data on the wiped disks, Kaspersky Labs recovered a copy of the Windows Registry system settings database. In the Registry hive, Kaspersky discovered a service that created file names similar in naming format to those written by the Duqu malware.

Wiper isn't related to Flame, another malware discovered by Kaspersky that spread in Middle Eastern countries, but mostly in Iran.

Flame could record sound, keyboard strokes and network traffic, and also take screenshots. It would also attempt to grab information from nearby Bluetooth-enabled devices.

Flame's controllers wiped it from the infected systems, removing all traces of it.

Kaspersky Labs said there is no doubt that Wiper existed, attacking computers in Iran and maybe elsewhere in the world. 

However, "the malware was so well written that once it was activated, no data survived," the firm said.

Due to this, Wiper remains unknown and Kaspersky has been unable to create detection for it.

Copyright © iTnews.com.au. All rights reserved.