Thursday, August 30, 2012

Kaspersky's Forensic Analysis Examines Destructive Wiper Virus

Kaspersky Lab has released a digital forensic analysis of a destructive malware program, codenamed Wiper, which was discovered in Iran in May.

Although no sample of the malware itself has been recovered, an analysis of the hard disks of machines destroyed by Wiper, including its distinctive data-wiping pattern and destructive behavior, suggests that it may be related to Duqu and Stuxnet.  During an attack, Wiper destroys all traces of itself, wipes critical data from the disk, and corrupts the file system so thoroughly that the machine cannot be rebooted and no data can be recovered or restored.
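When no sample survives, the evidence is the disk itself: an analyst images the drives and looks for the wiper's footprint, such as runs of sectors overwritten with one repeated byte. The script below is an added illustration of that kind of disk-level check; it is not Kaspersky Lab's tooling and reflects none of its findings. The disk image, the 0xAA and 0x00 fill values and the sector layout are all constructed for the example.

```python
# Added example: locate runs of uniformly filled sectors in a raw disk image.
# This is illustrative code, not Kaspersky Lab's analysis; fill values and the
# sample image are constructed and carry no claim about Wiper's real pattern.
import random
from collections import Counter

SECTOR = 512  # assumed sector size for the constructed image


def sector_fill_byte(sector: bytes):
    """Return the fill byte if the sector is one repeated value, else None."""
    if not sector:
        return None
    first = sector[0]
    return first if sector.count(first) == len(sector) else None


def find_wiped_runs(image: bytes, min_sectors: int = 4):
    """Return (start_sector, sector_count, fill_byte) for each run of
    uniformly filled sectors at least min_sectors long.

    Short uniform runs are ignored because legitimately empty or padded
    sectors also look uniform; long runs are what stand out."""
    runs = []
    n = len(image) // SECTOR
    i = 0
    while i < n:
        fill = sector_fill_byte(image[i * SECTOR:(i + 1) * SECTOR])
        if fill is None:
            i += 1
            continue
        j = i + 1
        while j < n and sector_fill_byte(image[j * SECTOR:(j + 1) * SECTOR]) == fill:
            j += 1
        if j - i >= min_sectors:
            runs.append((i, j - i, fill))
        i = j
    return runs


def fill_byte_histogram(runs):
    """Count wiped sectors per fill byte; a dominant value across many
    images is the kind of 'pattern' that lets incidents be compared."""
    counts = Counter()
    for _, count, fill in runs:
        counts[fill] += count
    return counts


def build_sample_image():
    """Constructed 64-sector image: pseudo-random file data interrupted by
    two wiped regions and one lone uniform sector."""
    rnd = random.Random(1)
    sectors = [bytes(rnd.getrandbits(8) for _ in range(SECTOR)) for _ in range(64)]
    for k in range(10, 26):          # 16 sectors overwritten with 0xAA (arbitrary)
        sectors[k] = b"\xaa" * SECTOR
    for k in range(40, 48):          # 8 sectors zero-filled
        sectors[k] = b"\x00" * SECTOR
    sectors[60] = b"\xff" * SECTOR   # single uniform sector: below the threshold
    return b"".join(sectors)


if __name__ == "__main__":
    image = build_sample_image()
    runs = find_wiped_runs(image)
    for start, count, fill in runs:
        print(f"sectors {start}-{start + count - 1}: {count} x 0x{fill:02x}")
    print(dict(fill_byte_histogram(runs)))
```

On a real image the same logic would run over the file opened in binary mode in sector-sized chunks rather than on an in-memory bytes object, and the sector size and threshold would be taken from the volume geometry rather than assumed.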

Kaspersky Lab noted that no further wiping incidents following the same pattern have occurred, and that its proactive protection components have recorded no detections of the malware.

Shamoon, another destructive malware which appeared in August 2012, is not believed to be related.  Kaspersky Lab's further analysis has been posted.