A surprisingly simple disk-wiping malware has set off alarm bells in Iran after surfacing in the Middle East nation. The software nasty deletes everything on storage drives attached to infected Windows PCs on specific dates, according to the Iranian security emergency response team. The malware was detected in one or more …
Re: was done to obscure the act
and depending on how cocky you are, you might even have compromised the data 6 months ago and now moved your penetration work elsewhere, so it's useful to redirect attention to a past infiltration location where they might waste even more precious time.
Heh, I remember making (playful/malicious) bat files into exe files when I was still a teenager. Good to see the Iranian hacker is only 20 years behind the curve.
Must be a Hipster Hacker.
Next dispersal method is a CD with autorun.ini set to run the batchfile I guess.
Or another batchfile that sets all your file attrib's to hidden.
This is of course if they follow my learning curve as a kid writing things to terrorise my friends / school pc's.
Nah... much more fun was using a basic hex editor to edit command.com's references to config.sys and autoexec.bat to a hidden system directory with two text files named anything you like.
Leave the existing autoexec.bat and config.sys in the root folder and watch your 'tech' colleagues get mightily confused why they couldn't update their systems.
It did have the added benefit in some cases of protecting some machines from their 'technical users'.
Not far off 4chan
And their constant attempts to con the gullible with "Delete system32, make your PC run faster"
telnet iran 22
pwnage mode go
I like big .bats and I can not lie
You other coders can't deny
That when a script executes with itty bitty waste
And a C:\ prompt in your face
You get sprung, wanna pull out your tough
'Cause you notice that .bat was stuffed
Deep in the files it's tearing
I'm hooked and I can't stop staring
Oh baby, I wanna exec you
And pipe your output...
Even Mac boys got to shout
Baby got .bat
@ David W.
Thank you, that was epic! Had to stifle a mid-office LOL
Re: @ David W.
That's good, because I had that damn song stuck in my head for the rest of the day...
Still, better that than fucking 'Feliz Navidad' - I'd rather get run over by Sir Mixalot's Mercedes than have to listen to that wretched song again.
RE: Baby got .bat
The first time I heard that song, "Baby Got Back", I damn near passed out from laughing so hard.
Thanks for giving me a good laugh today.
Oh shit, here comes the slave driver; better get back to work. Five PM tomorrow can not come soon enough!
These are Iranians - someone sent them a file that was 'executable' with a mouse click - of course they are going to do it! It's a lot easier than buying a packet of gravel.
This isn't Stuxnet
This is one of the millions of trivial Windows viruses that are cranked out by bored 12 year olds in their bedrooms. It clearly isn't targeted at Iran; if it's common there it's only because every copy of Windows in Iran is pirated and as such can't get the normal Microsoft security updates. When the other commenters point out that using Linux wouldn't have protected the Iranians against Stuxnet, they are correct, but that's entirely beside the point. There is no easy solution to protecting your systems against a determined attack by major nation states, but it's pretty easy to protect yourself from 12 year olds. In most of the world a legal copy of Windows, getting the standard security updates, won't be particularly vulnerable. However, a legal copy of Windows isn't an option for Iranians unless Steve Ballmer has a secret desire to spend the rest of his life in a windowless cell beneath Florence, Colorado. They do have the option of rolling an Iranian Linux distribution because there is no way to prevent the Iranians from downloading the source code and compiling their own. A supported Linux distro isn't vulnerable to the machinations of script kiddies.
From BOFH 2006, episode 8:
"Well I logged in as root earlier and I was just going to try that ps thing you mentioned, but instead I accidentally typed in 'nohup cd /; rm -rf * > /dev/null 2>&1 &' "
"Okay." he gasps, "Just type in fg."
"fg, ok, oh bugger, I accidentally typed control-d instead."
"I...well, I suppose we could have a lesson on reinstalling a box from scratch," he sniffs.
Did that once...
Have a Linux box I was going to wipe & re-install so thought I would try basically the above approach. Was quite surprised how far it got, eventually all of the text vanished from the Gnome desktop being replaced by small blank boxes (guess that was the fonts gone!) and finally it froze. Rebooted with a live CD to inspect the file system and only a handful of directories still existed (those with open 'files' before it finally stopped), but not any files as far as I remember.
Was impressed by its thoroughness!
Re: Did that once...
The font thing is interesting; it implies that the system is constantly re-rendering the contents of the window. Windows doesn't do that - it requires explicit repaint calls IIRC. So you could roast the fonts and a word processor would look normal until you tried to edit it or scroll the page, I think.
notes on this type of attack
Re: "if they are capable of developing nuclear power and (alleged) a nuclear weapons program; surely they can knock up an OS of their own."
I'm pretty sure Siemens developed their nuclear power. That said, as bad as running Windows for anything important is, hardly anybody likes to reinvent the wheel. Very few people start an OS and few of those reach a useful state.
Re: comments about FAT and such... first, FAT doesn't mean "Windows 95 or older": NT 3.5, 4, 2000 and XP all supported NTFS but also FAT installs. I've seen FAT installs of Windows 2000 (I don't know why). Secondly, though, from the description in the article this virus was deleting THE USER'S OWN FILES. So NTFS, ACLs, and proper filesystem permissions won't do dick against this particular type of attack.
Well... I feel smug now for using Linux... DEL *.* does nothing, I tells ya. Nothing!! Wait, rm -R *? I have no idea what you're talking about 8-). (But seriously, a .sh file won't run without the execute bit turned on. But, if I were running random executables under Linux something naughty could wipe my home directory if it wanted.)
Re: notes on this type of attack
Well... I feel smug now for using Linux...
What do you mean, you feel smug now? I thought that was the default state of all Linux users!
Re: FAT doesn't mean "Windows 95 or older"
bitch, bitch, bitch.
Somebody goes and assumes something positive about a Windows Admin and all you can do is complain.
Yes, technically you can use FAT on all those other systems. But no competent Admin ever would, so yes, FAT means Windows 9x in the practitioner's world.
Backups only as good as the original
Provided it hasn't deleted the backups or the backup software etc? *laughs* A simple bat file...