Feeds

back to article Baby got .BAT: Old-school malware terrifies Iran with del *.*

A surprisingly simple disk-wiping malware has set off alarm bells in Iran after surfacing in the Middle East nation. The software nasty deletes everything on storage drives attached to infected Windows PCs on specific dates, according to the Iranian security emergency response team. The malware was detected in one or more …

COMMENTS

This topic is closed for new posts.

Page:

Flame

Wouldn't

Wouldn't

deltree / rmtree *.* /s be better?

0
1
Anonymous Coward

Re: Wouldn't

The files could still possibly be recovered since the commands just remove the file entries from the File Table.

If you really want to destroy the files you would have to overwrite with random data.

1
0

Re: Wouldn't

I had a client some years back that executed a Trojan batch file that attempted this. It failed when it got to critical system files. The harm was undone with a little work and the PC was fine.

0
0
Anonymous Coward

Re: If you really want to destroy the files

You would be surprised at the number of people, who should know better, who try a 'recovery CD' when something goes wrong and proceed to overwrite large portions of the HDD and previous file system tables and only THEN worry about what happened to their data.

0
0
Silver badge
Meh

If

If an Iranian finds a spelling error in his work it is obviously down to the Great Satan America hacking his pencil and paper.

Paranoid or what?

0
0
WTF?

Re: Wouldn't

Why random?

0
0
Bronze badge
Pint

Re: Wouldn't

Possibly recovered - if you happen to know someone who enjoyed doing those really large jigsaw puzzles, with names like "The World's Largest Jigsaw Puzzle" where all the pieces look the same. A moderately large, moderately fragmented disc with the File Table missing would be an excellent Christmas present for them.

Personally, I'd recommend imaging the disc and restoring from backup...

0
0
Anonymous Coward

Re: Wouldn't

why just destroy the data when you can screw with their heads?

Corrupt the data first, THEN use del *.*

That way they spend time recovering the data with recovery utilities and still have useless data. Or worse.

0
0
Silver badge
Linux

Why is Iran even using Windows ? Are they completely stupid? This is software produced by one of their 'enemies'.

6
2
Silver badge

@Miek

Presumably because the list of software produced by their friends is even shorter than the list of friends?

Given the development of such highly specialised code as Stuxnet, it seems probable that even if the Iranians used some flavour of Linux, those behind Stuxnet will work out how to cause trouble. The supposed security advantages of Linux probably won't help much if you've got the Israelis and the Yanks working together on it.

7
0
Silver badge

Iran

Are MS even allowed to sell to Iran?

1
0
Silver badge
Pirate

Re: Iran

"Are MS even allowed to sell to Iran?"

I'm sure Iran won't be feeling too guilty about pirating a few copies

3
0
Gold badge

Re: Iran

Probably not, now. Then again, unless the end-user is running as admin I think you'd need to be running a version of Windows that installed to FAT, so we're probably talking Win9x or earlier.

0
0
Silver badge
Linux

Re: Iran

I suspect that Windows is shipped to certain countries with certain specifications of encryption removed, it's the encryption used in the software that they don't want exported really.

0
1
Silver badge
Linux

Re: @Miek

"Presumably because the list of software produced by their friends is even shorter than the list of friends?" -- well, there is that, but, if they are capable of developing nuclear power and (alleged) a nuclear weapons program; surely they can knock up an OS of their own.

"The supposed security advantages of Linux probably won't help much if you've got the Israelis and the Yanks working together on it." -- Absolutely, but, at least it would be more secure than the current system where a 12 year old skiddie can get access, as is the case with Windows.

"The supposed security advantages of Linux" -- supposed?

1
4
Anonymous Coward

@Ken Hagen

"unless the end-user is running as admin"

If they are falling for this attack, one must also assume they are running with most users logged in as admin :(

0
0
Silver badge

Re: @Miek

"if they are capable of developing nuclear power and (alleged) a nuclear weapons program; surely they can knock up an OS of their own."

You'd have thought so, but there's surprisingly few ground up OS's developed that I've noticed, and I guess this reflects the fact that a true home brew needs the OS authors to write drivers and apps, so that altogether it is rather more than a trifling endeavour? And that assumes that you can write drivers for OEM hardware without their cooperation. Obviously if you just roll your own Linux flavour, that's a lot easier, but you're then making yourself vulnerable to the many clever people who know different flavours of Linux.

That Linux is more secure I don't dispute - but if placing money on Iranian Linux security holding out against the Israelis, I wouldn't put my money on the penguin.

3
0
Anonymous Coward

Re: @Miek

"if they are capable of developing nuclear power and (alleged) a nuclear weapons program; surely they can knock up an OS of their own."

And if all they know about nuclear power they read about, nicked, or downloaded off the internet, where does that imply they go for their OS?

1
0
Anonymous Coward

What else are they going to use Einstein?

Is there any major OS not produced in the West?

Linux, Unix, OSX, Windows are all western made.

1
0

Re: Iran

I'm sure the CIA and the NSA are only too happy to pay Microsoft to give Windows to the Iranian government for free.

1
0

Re: Iran

I can't beleive you actually think Windows encryption is secure.

1
0
Anonymous Coward

@major OS not produced in the West?

If I were the Iranians (OK, apart from being less of a dick-dead than their example so far) I would go for Linux simply because it is open enough to allow a reasonable chance of an un-tainted OS for secure use.

Note, however, that is not saying Linux is totally secure, nor is it saying that Iranian BOFH are good enough to secure a working Internet-connected system against probing by NSA, Mossad, etc.

All it says is you can check for most obvious back door-like features, something you can't really do with Windows or OSX, and the history of UNIX/Linux is based on default-to-secure behaviour, which has taken MS time to catch up with.

2
0
Anonymous Coward

"Linux, Unix, OSX, Windows are all western made."

But I thought open source was a communist conspiracy?

3
1
Trollface

Re: @Miek

""The supposed security advantages of Linux" -- supposed?"

Sticking to servers...

Linux is definitely better than Windows and maybe even that Apple thing, but it is unarguably not as good as some other open offerings (both historically and currently) - even when ignoring 'special purpose' operating systems.

Linux is good, but it is far from the best that is out there.

Downvote away if you really think GNU/Linux is as secure as secure gets.

2
0
Bronze badge

Re: "as secure as secure gets."

That would be OpenBSD, run by people that actually care about security, unlike Torvalds who has publicly stated that he doesn't give a shit about security.

2
0
Bronze badge

Re: Iran

Why do you think windows encryption is insecure? ( presuming you mean bitlocker)

Or did I just feed a troll?

0
0
Silver badge
Devil

Re: Iran

I expect that after a quick call to the CIA the State Dept will be more than happy to issue an export license through specially chosen suppliers.

0
0
Silver badge

Re: it's the encryption

Well, that's a part of it. But in the case of Iran, there's more to it than that. Remember there are also sanctions based on human rights violations. Note that I'm not claiming the sanctions have any chance of improving the situation, just that the US government has an additional restriction on them.

0
0
Silver badge
FAIL

Re: communist conspiracy?

Um...

You do realize Marx was a freeloading Brit right?

0
0
Anonymous Coward

Re: Iran

"I'm sure the CIA and the NSA are only too happy to pay Microsoft to give Windows to the Iranian government for free."

Probably broadly correct, though I doubt they'd be that obvious as it's likely to raise suspicion. More probable that- as part of their you-scratch-my-back-and-I'll-scratch-yours arrangement- MS simply agree to not cause any problems for people trying to install and activate pirated Windows and other products in Iran.

0
0
Bronze badge
Mushroom

Re: ...pay Microsoft to give Windows to the Iranian government for free.

Of course they would, complete with hidden back doors!!!

They probably even have a special build of it - just for the "evil" countries.

What would they call it??

Windows Swiss Cheese Edition?

0
0
Bronze badge

Software made by an enemy

Wait, why are -we- using Windows, then?

Big respect for the suggestion that Microsoft Windows cannot be sold to Iran due to concern for human rights. After all, it violates mine. If this is written down somewhere, I want to know particularly if there is a right to not have the PC freeze from time to time for a full minute for NO REASON. Maybe I should move to Iran and get liberated.

0
0
Bronze badge

Re: communist conspiracy?

I thought Karl Marx was a Prussian hack for the New York Tribune.

0
0
Silver badge
Joke

Frightened by del *.*?

wait till they see

rm -rf /

(= F1 on BOFH keyboard)

or

shutdown -h now

(=F2 on BOFH keyboard)

And there is the even more powerful command for HEX:

+++ reinstall universe +++

+++ redo from start +++

5
1
Silver badge
Happy

Re: Frightened by del *.*?

Doesn't work.

++Out of Cheese Error++

6
0
Silver badge
Joke

Re: Frightened by del *.*?

"rm -rf /" -- I think you meant "sudo rm -rf /"

1
0
Anonymous Coward

Re: Frightened by del *.*?

You might also want to use the "--no-preserve-root" option in recent Linuxs

What is the plural of Linux?

0
0
Bronze badge

Re: Frightened by del *.*?

Any recent *nix actually, first appeared on Solaris, adopted by the BSDs and only then did GNU add it to their version.

1
0

This post has been deleted by its author

Anonymous Coward

Re: Frightened by del *.*?

Linii?

0
0
Anonymous Coward

Re: Frightened by del *.*?

Linuopde

0
0
Anonymous Coward

Re: Frightened by del *.*?

What's the singular of MS Windows?

0
0
Silver badge

Re: Frightened by del *.*?

"What's the singular of MS Windows?"

TIFKAM.

7
0
Anonymous Coward

Re: "What is the plural of Linux?"

Don't know, but the plural of Unix is Twix.

Hmmm...twix.

4
0

Re: Frightened by del *.*?

Windows 8.

0
0
Boffin

Re: Frightened by del *.*?

"What's the singular of MS Windows?"

Pane ......?

1
0
Silver badge

Re: Frightened by del *.*?

"What's the singular of MS Windows?"

"Jeanette McKinlay" or "Peter Pretrel" of course. (I wonder who gets that reference)

0
0
Silver badge
Boffin

Must be skiddie work.

Deleting data is very obvious, easily detected and easily repaired. What a pro would do is want access to data, to analyse for secrets without the owner knowing it is happening, or to make small corruptions to the data which renders it useless or misleading but which the owner does not realise until they go to use it. I suspect this is some Saudi or Israeli skiddie/hacktivist getting his lulz rather than the CIA, NSA, MI6, the Mossad, etc.

3
0
Black Helicopters

Re: Must be skiddie work.

That's exactly what they want you to think.

6
0
Bronze badge
Childcatcher

Re: Must be skiddie work.

Perhaps, though this sort of harassment combined with other efforts might prove more effective then either technique on its own. Depends on the goal, after all. I would guess you are right, but there is the possibility that the information was extracted and this was done to obscure the act - a bit like setting a building on fire to hide a theft.

1
0

Page:

This topic is closed for new posts.