Baby got .BAT: Old-school malware terrifies Iran with del *.*

A surprisingly simple disk-wiping malware has set off alarm bells in Iran after surfacing in the Middle East nation. The software nasty deletes everything on storage drives attached to infected Windows PCs on specific dates, according to the Iranian security emergency response team. The malware was detected in one or more …

COMMENTS

This topic is closed for new posts.

Black Helicopters

Re: was done to obscure the act

and depending on how cocky you are, you might even have compromised the data 6 months ago and now moved your penetration work elsewhere, so it's useful to redirect attention to a past infiltration location where they might waste even more precious time.


BAT2EXE

Heh, I remember making (playful/malicious) bat files into exe files when I was still a teenager. Good to see the Iranian hacker is only 20 years behind the curve.

Trollface

Re: BAT2EXE

Must be a Hipster Hacker.

Happy

Re: BAT2EXE

Next dispersal method is a CD with autorun.ini set to run the batchfile I guess.

Or another batchfile that sets all your file attribs to hidden.

This is of course if they follow my learning curve as a kid writing things to terrorise my friends / school pc's.

Anonymous Coward

Re: BAT2EXE

Nah... much more fun was using a basic hex editor to edit command.com's references to config.sys and autoexec.bat to a hidden system directory with two text files named anything you like.

Leave the existing autoexec.bat and config.sys in the root folder and watch your 'tech' colleagues get mightily confused why they couldn't update their systems.

It did have the added benefit in some cases of protecting some machines from their 'technical users'.


Not far off 4chan

And their constant attempts to con the gullible with "Delete system32, make your PC run faster"


telnet iran 22

pwnage mode go

Coat

I like big .bats and I can not lie

You other coders can't deny

That when a script executes with itty bitty waste

And a C:\ prompt in your face

You get sprung, wanna pull out your tough

'Cause you notice that .bat was stuffed

Deep in the files it's tearing

I'm hooked and I can't stop staring

Oh baby, I wanna exec you

And pipe your output...

Even Mac boys got to shout

Baby got .bat


@ David W.

Thank you, that was epic! Had to stifle a mid-office LOL

[Upclick]

Anonymous Coward

Re: @ David W.

That's good, because I had that damn song stuck in my head for the rest of the day...

Still, better that than fucking 'Feliz Navidad' - I'd rather get run over by Sir Mixalot's Mercedes than have to listen to that wretched song again.

Happy

RE: Baby got .bat

The first time I heard that song, "Baby Got Back", I damn near passed out from laughing so hard.

Thanks for giving me a good laugh today.

Oh shit, here comes the slave driver; better get back to work. Five PM tomorrow can not come soon enough!


This post has been deleted by its author

Joke

Sir

These are Iranians - someone sent them a file that was 'executable' with a mouse click - of course they are going to do it! It's a lot easier than buying a packet of gravel.

Anonymous Coward

This isn't Stuxnet

This is one of the millions of trivial Windows viruses that are cranked out by bored 12-year-olds in their bedrooms. It clearly isn't targeted at Iran; if it's common there it's only because every copy of Windows in Iran is pirated and as such can't get the normal Microsoft security updates. When the other commenters point out that using Linux wouldn't have protected the Iranians against Stuxnet, they are correct, but that's entirely beside the point. There is no easy solution to protecting your systems against a determined attack by major nation states, but it's pretty easy to protect yourself from 12-year-olds. In most of the world a legal copy of Windows, getting the standard security updates, won't be particularly vulnerable. However, a legal copy of Windows isn't an option for Iranians unless Steve Ballmer has a secret desire to spend the rest of his life in a windowless cell beneath Florence, Colorado. They do have the option of rolling an Iranian Linux distribution because there is no way to prevent the Iranians from downloading the source code and compiling their own. A supported Linux distro isn't vulnerable to the machinations of script kiddies.

Trollface

From BOFH 2006, episode 8:

"Well I logged in as root earlier and I was just going to try that ps thing you mentioned, but instead I accidentally typed in 'nohup cd /; rm -rf * > /dev/null 2>&1 &' "

"Okay." he gasps, "Just type in fg."

"fg, ok, oh bugger, I accidentally typed control-d instead."

"I...well, I suppose we could have a lesson on reinstalling a box from scratch," he sniffs.


Did that once...

Have a Linux box I was going to wipe & re-install so thought I would try basically the above approach. Was quite surprised how far it got, eventually all of the text vanished from the Gnome desktop being replaced by small blank boxes (guess that was the fonts gone!) and finally it froze. Rebooted with a live CD to inspect the file system and only a handful of directories still existed (those with open 'files' before it finally stopped), but not any files as far as I remember.

Was impressed by its thoroughness!

Anonymous Coward

Re: Did that once...

The font thing is interesting; it implies that the system is constantly re-rendering the contents of the window. Windows doesn't do that - it requires explicit repaint calls IIRC. So you could roast the fonts and a word processor would look normal until you tried to edit it or scroll the page, I think.


notes on this type of attack

Re: "if they are capable of developing nuclear power and (alleged) a nuclear weapons program; surely they can knock up an OS of their own."

I'm pretty sure Siemens developed their nuclear power. That said, as bad as running Windows for anything important is, hardly anybody likes to reinvent the wheel. Very few people start an OS and few of those reach a useful state.

Re: comments about FAT and such... first, FAT doesn't mean "Windows 95 or older"; NT 3.5, 4, 2000 and XP all supported NTFS but also FAT installs. I've seen FAT installs of Windows 2000 (I don't know why). Secondly, though, from the description in the article this virus was deleting THE USER'S OWN FILES. So, NTFS, ACLs, and proper filesystem permissions won't do dick against this particular type of attack.

Well... I feel smug now for using Linux... DEL *.* does nothing, I tells ya. Nothing!! Wait, rm -R *? I have no idea what you're talking about 8-). (But seriously, a .sh file won't run without the execute bit turned on. But, if I were running random executables under Linux something naughty could wipe my home directory if it wanted.)

Joke

Re: notes on this type of attack

Well... I feel smug now for using Linux...

What do you mean, you feel smug now? I thought that was the default state of all Linux users!


Re: FAT doesn't mean "Windows 95 or older"

bitch, bitch, bitch.

Somebody goes and assumes something positive about a Windows Admin and all you can do is complain.

Yes, technically you can use FAT on all those other systems. But no competent Admin ever would, so yes, FAT means Windows 9x in the practitioner's world.

FAIL

Backups only as good as the original

Provided it hasn't deleted the backups or the backup software etc? *laughs* A simple bat file...

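The point in the post above (a wiper that reaches a mounted backup destroys the backup too) is the reason a backup set should be checked against a manifest that is stored somewhere the same user account cannot reach. The following is an added example, not code from the thread or from any product mentioned in it: it builds a SHA-256 manifest of a backup tree and later reports which files have gone missing, changed or appeared. The sample tree and the simulated deletions in `demo()` are constructed for the illustration; `build_manifest`, `verify_backup` and `demo` are names assumed here.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in 64 KiB chunks so large backups do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map every regular file under root (relative POSIX path) to its SHA-256.

    Write the returned dict to offline or write-once storage; a manifest kept
    inside the backup tree can be deleted by the same thing that deletes the backup.
    """
    manifest: dict[str, str] = {}
    for entry in sorted(root.rglob("*")):
        if entry.is_file():
            manifest[entry.relative_to(root).as_posix()] = sha256_of(entry)
    return manifest


def verify_backup(root: Path, manifest: dict[str, str]) -> dict[str, list[str]]:
    """Compare the backup tree on disk against a previously stored manifest."""
    current = build_manifest(root)
    return {
        # files the manifest knows about that are no longer there (a wiper's signature)
        "missing": sorted(name for name in manifest if name not in current),
        # files still present but whose content no longer matches
        "modified": sorted(
            name for name in manifest if name in current and current[name] != manifest[name]
        ),
        # files that were not part of the recorded backup set
        "unexpected": sorted(name for name in current if name not in manifest),
    }


def demo() -> dict[str, list[str]]:
    """Constructed scenario: record a manifest, then simulate a wiper touching the backup."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "backup"
        (backup / "docs").mkdir(parents=True)
        (backup / "docs" / "report.txt").write_text("quarterly figures\n")
        (backup / "docs" / "notes.txt").write_text("meeting notes\n")
        (backup / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0 constructed jpeg header")

        manifest = build_manifest(backup)  # in practice: saved off-box at backup time

        # Simulated damage inside the temporary directory only:
        (backup / "docs" / "report.txt").unlink()      # one file deleted
        (backup / "photo.jpg").write_bytes(b"")         # one file truncated
        (backup / "stray.tmp").write_text("not ours\n")  # one file that should not exist

        return verify_backup(backup, manifest)


if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind}: {names}")
```

Running the file reports `docs/report.txt` as missing, `photo.jpg` as modified and `stray.tmp` as unexpected. The design choice that matters is where the manifest lives: the comparison is only meaningful if the manifest was written by a process the malware's user account could not alter.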
