back to article Baby got .BAT: Old-school malware terrifies Iran with del *.*

A surprisingly simple disk-wiping malware has set off alarm bells in Iran after surfacing in the Middle East nation. The software nasty deletes everything on storage drives attached to infected Windows PCs on specific dates, according to the Iranian security emergency response team. The malware was detected in one or more …

COMMENTS

This topic is closed for new posts.

Page:

  1. Ol'Peculier
    Flame

    Wouldn't

    Wouldn't

    deltree / rmtree *.* /s be better?

  2. Anonymous Coward
    Anonymous Coward

    Re: Wouldn't

    The files could still possibly be recovered since the commands just remove the file entries from the File Table.

    If you really want to destroy the files you would have to overwrite with random data.

  3. Framitz

    Re: Wouldn't

    I had a client some years back that executed a Trojan batch file that attempted this. It failed when it got to critical system files. The harm was undone with a little work and the PC was fine.

  4. Anonymous Coward
    Anonymous Coward

    Re: If you really want to destroy the files

    You would be surprised at the number of people, who should know better, who try a 'recovery CD' when something goes wrong and proceed to overwrite large portions of the HDD and previous file system tables and only THEN worry about what happened to their data.

  5. LarsG
    Meh

    If

    If an Iranian finds a spelling error in his work it is obviously down to the Great Satan America hacking his pencil and paper.

    Paranoid or what?

  6. Ian Johnston Silver badge
    WTF?

    Re: Wouldn't

    Why random?

  7. Allan George Dyer Silver badge
    Pint

    Re: Wouldn't

    Possibly recovered - if you happen to know someone who enjoyed doing those really large jigsaw puzzles, with names like "The World's Largest Jigsaw Puzzle" where all the pieces look the same. A moderately large, moderately fragmented disc with the File Table missing would be an excellent Christmas present for them.

    Personally, I'd recommend imaging the disc and restoring from backup...

  8. Anonymous Coward
    Anonymous Coward

    Re: Wouldn't

    why just destroy the data when you can screw with their heads?

    Corrupt the data first, THEN use del *.*

    That way they spend time recovering the data with recovery utilities and still have useless data. Or worse.

  9. Miek
    Linux

    Why is Iran even using Windows ? Are they completely stupid? This is software produced by one of their 'enemies'.

  10. Ledswinger Silver badge

    @Miek

    Presumably because the list of software produced by their friends is even shorter than the list of friends?

    Given the development of such highly specialised code as Stuxnet, it seems probable that even if the Iranians used some flavour of Linux, those behind Stuxnet will work out how to cause trouble. The supposed security advantages of Linux probably won't help much if you've got the Israelis and the Yanks working together on it.

  11. John G Imrie Silver badge

    Iran

    Are MS even allowed to sell to Iran?

  12. James Micallef Silver badge
    Pirate

    Re: Iran

    "Are MS even allowed to sell to Iran?"

    I'm sure Iran won't be feeling too guilty about pirating a few copies

  13. Ken Hagan Gold badge

    Re: Iran

    Probably not, now. Then again, unless the end-user is running as admin I think you'd need to be running a version of Windows that installed to FAT, so we're probably talking Win9x or earlier.

  14. Miek
    Linux

    Re: Iran

    I suspect that Windows is shipped to certain countries with certain specifications of encryption removed, it's the encryption used in the software that they don't want exported really.

  15. Miek
    Linux

    Re: @Miek

    "Presumably because the list of software produced by their friends is even shorter than the list of friends?" -- well, there is that, but, if they are capable of developing nuclear power and (alleged) a nuclear weapons program; surely they can knock up an OS of their own.

    "The supposed security advantages of Linux probably won't help much if you've got the Israelis and the Yanks working together on it." -- Absolutely, but, at least it would be more secure than the current system where a 12 year old skiddie can get access, as is the case with Windows.

    "The supposed security advantages of Linux" -- supposed?

  16. Anonymous Coward
    Anonymous Coward

    @Ken Hagen

    "unless the end-user is running as admin"

    If they are falling for this attack, one must also assume they are running with most users logged in as admin :(

  17. Ledswinger Silver badge

    Re: @Miek

    "if they are capable of developing nuclear power and (alleged) a nuclear weapons program; surely they can knock up an OS of their own."

    You'd have thought so, but there's surprisingly few ground up OS's developed that I've noticed, and I guess this reflects the fact that a true home brew needs the OS authors to write drivers and apps, so that altogether it is rather more than a trifling endeavour? And that assumes that you can write drivers for OEM hardware without their cooperation. Obviously if you just roll your own Linux flavour, that's a lot easier, but you're then making yourself vulnerable to the many clever people who know different flavours of Linux.

    That Linux is more secure I don't dispute - but if placing money on Iranian Linux security holding out against the Israelis, I wouldn't put my money on the penguin.

  18. Anonymous Coward
    Anonymous Coward

    Re: @Miek

    "if they are capable of developing nuclear power and (alleged) a nuclear weapons program; surely they can knock up an OS of their own."

    And if all they know about nuclear power they read about, nicked, or downloaded off the internet, where does that imply they go for their OS?

  19. Anonymous Coward
    Anonymous Coward

    What else are they going to use Einstein?

    Is there any major OS not produced in the West?

    Linux, Unix, OSX, Windows are all western made.

  20. JustNiz

    Re: Iran

    I'm sure the CIA and the NSA are only too happy to pay Microsoft to give Windows to the Iranian government for free.

  21. JustNiz

    Re: Iran

    I can't beleive you actually think Windows encryption is secure.

  22. Anonymous Coward
    Anonymous Coward

    @major OS not produced in the West?

    If I were the Iranians (OK, apart from being less of a dick-dead than their example so far) I would go for Linux simply because it is open enough to allow a reasonable chance of an un-tainted OS for secure use.

    Note, however, that is not saying Linux is totally secure, nor is it saying that Iranian BOFH are good enough to secure a working Internet-connected system against probing by NSA, Mossad, etc.

    All it says is you can check for most obvious back door-like features, something you can't really do with Windows or OSX, and the history of UNIX/Linux is based on default-to-secure behaviour, which has taken MS time to catch up with.

  23. Anonymous Coward
    Anonymous Coward

    "Linux, Unix, OSX, Windows are all western made."

    But I thought open source was a communist conspiracy?

  24. Anonymous Coward
    Trollface

    Re: @Miek

    ""The supposed security advantages of Linux" -- supposed?"

    Sticking to servers...

    Linux is definitely better than Windows and maybe even that Apple thing, but it is unarguably not as good as some other open offerings (both historically and currently) - even when ignoring 'special purpose' operating systems.

    Linux is good, but it is far from the best that is out there.

    Downvote away if you really think GNU/Linux is as secure as secure gets.

  25. Crazy Operations Guy

    Re: "as secure as secure gets."

    That would be OpenBSD, run by people that actually care about security, unlike Torvalds who has publicly stated that he doesn't give a shit about security.

  26. Adam 1 Silver badge

    Re: Iran

    Why do you think windows encryption is insecure? ( presuming you mean bitlocker)

    Or did I just feed a troll?

  27. Tom 13
    Devil

    Re: Iran

    I expect that after a quick call to the CIA the State Dept will be more than happy to issue an export license through specially chosen suppliers.

  28. Tom 13

    Re: it's the encryption

    Well, that's a part of it. But in the case of Iran, there's more to it than that. Remember there are also sanctions based on human rights violations. Note that I'm not claiming the sanctions have any chance of improving the situation, just that the US government has an additional restriction on them.

  29. Tom 13
    FAIL

    Re: communist conspiracy?

    Um...

    You do realize Marx was a freeloading Brit right?

  30. Anonymous Coward
    Anonymous Coward

    Re: Iran

    "I'm sure the CIA and the NSA are only too happy to pay Microsoft to give Windows to the Iranian government for free."

    Probably broadly correct, though I doubt they'd be that obvious as it's likely to raise suspicion. More probable that- as part of their you-scratch-my-back-and-I'll-scratch-yours arrangement- MS simply agree to not cause any problems for people trying to install and activate pirated Windows and other products in Iran.

  31. Fatman
    Mushroom

    Re: ...pay Microsoft to give Windows to the Iranian government for free.

    Of course they would, complete with hidden back doors!!!

    They probably even have a special build of it - just for the "evil" countries.

    What would they call it??

    Windows Swiss Cheese Edition?

  32. Robert Carnegie Silver badge

    Software made by an enemy

    Wait, why are -we- using Windows, then?

    Big respect for the suggestion that Microsoft Windows cannot be sold to Iran due to concern for human rights. After all, it violates mine. If this is written down somewhere, I want to know particularly if there is a right to not have the PC freeze from time to time for a full minute for NO REASON. Maybe I should move to Iran and get liberated.

  33. Uffish

    Re: communist conspiracy?

    I thought Karl Marx was a Prussian hack for the New York Tribune.

  34. Michael H.F. Wilkinson Silver badge
    Joke

    Frightened by del *.*?

    wait till they see

    rm -rf /

    (= F1 on BOFH keyboard)

    or

    shutdown -h now

    (=F2 on BOFH keyboard)

    And there is the even more powerful command for HEX:

    +++ reinstall universe +++

    +++ redo from start +++

  35. hplasm Silver badge
    Happy

    Re: Frightened by del *.*?

    Doesn't work.

    ++Out of Cheese Error++

  36. Miek
    Joke

    Re: Frightened by del *.*?

    "rm -rf /" -- I think you meant "sudo rm -rf /"

  37. Anonymous Coward
    Anonymous Coward

    Re: Frightened by del *.*?

    You might also want to use the "--no-preserve-root" option in recent Linuxs

    What is the plural of Linux?

  38. Not That Andrew

    Re: Frightened by del *.*?

    Any recent *nix actually, first appeared on Solaris, adopted by the BSDs and only then did GNU add it to their version.

  39. This post has been deleted by its author

  40. Anonymous Coward
    Anonymous Coward

    Re: Frightened by del *.*?

    Linii?

  41. Anonymous Coward
    Anonymous Coward

    Re: Frightened by del *.*?

    Linuopde

  42. Anonymous Coward
    Anonymous Coward

    Re: Frightened by del *.*?

    What's the singular of MS Windows?

  43. M Gale

    Re: Frightened by del *.*?

    "What's the singular of MS Windows?"

    TIFKAM.

  44. Anonymous Coward
    Anonymous Coward

    Re: "What is the plural of Linux?"

    Don't know, but the plural of Unix is Twix.

    Hmmm...twix.

  45. JustNiz

    Re: Frightened by del *.*?

    Windows 8.

  46. my farts clear the room
    Boffin

    Re: Frightened by del *.*?

    "What's the singular of MS Windows?"

    Pane ......?

  47. Christian Berger Silver badge

    Re: Frightened by del *.*?

    "What's the singular of MS Windows?"

    "Jeanette McKinlay" or "Peter Pretrel" of course. (I wonder who gets that reference)

  48. Matt Bryant Silver badge
    Boffin

    Must be skiddie work.

    Deleting data is very obvious, easily detected and easily repaired. What a pro would do is want access to data, to analyse for secrets without the owner knowing it is happening, or to make small corruptions to the data which renders it useless or misleading but which the owner does not realise until they go to use it. I suspect this is some Saudi or Israeli skiddie/hacktivist getting his lulz rather than the CIA, NSA, MI6, the Mossad, etc.

  49. Ryan 7
    Black Helicopters

    Re: Must be skiddie work.

    That's exactly what they want you to think.

  50. Robert Helpmann?? Silver badge
    Childcatcher

    Re: Must be skiddie work.

    Perhaps, though this sort of harassment combined with other efforts might prove more effective then either technique on its own. Depends on the goal, after all. I would guess you are right, but there is the possibility that the information was extracted and this was done to obscure the act - a bit like setting a building on fire to hide a theft.

Page:

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2018