
Pure Goof Wiper

By GoldSparrow in Malware

As its name implies, the Pure Goof Wiper is designed to wipe the victims' data. The Pure Goof Wiper has a single purpose: to infect the victim's computer and delete all the user-generated content, which may include images, audio, video, documents, configuration files, databases, and numerous other file types. The files that the Pure Goof Wiper will target in these kinds of attacks include:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The Pure Goof Wiper's main purpose is to delete victims' files completely, possibly as a prank or to harass computer users or companies.

Why the Criminals Create Threats Like the Pure Goof Wiper

The vast majority of currently active malware threats are designed to generate revenue for the criminals. There are many ways they can do this: they may collect valuable data, be used to carry out financial schemes, extort or blackmail the victim, take the victims' data hostage, or generate ad revenue by forcing the victims to visit unwanted websites or view unwanted advertisements. The Pure Goof Wiper does not seem to have any kind of monetization purpose. The Pure Goof Wiper is simple: it enters the victim's computer and deletes the victim's data, completely wiping the user-generated data in the process.

Is It a Pure Goof?

The Pure Goof Wiper's code contains the string 'pure_goof', which is the origin of the name given to it by PC security researchers. The Pure Goof Wiper is contained in a very small file and may be delivered through fake file downloads. Malware researchers have noted that it can, for example, be delivered to the victim in the form of fake updates for Adobe Flash or through corrupted Microsoft Office documents with enabled macros that download and install the Pure Goof Wiper. Once the Pure Goof Wiper is installed, it scans the victim's drives for user-generated files and then deletes them. Some versions of the Pure Goof Wiper may also try to delete data on external memory devices connected to the victim's PC.
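A defender-side illustration of the scan-and-delete behaviour described above, as an added example that is not part of the original article: it looks through file-deletion telemetry for a single process removing many files of the targeted types in a short burst. The event tuples, process names, thresholds and the extension subset are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Subset of the extensions listed on this page (assumed sufficient for a demo).
TARGETED = {".jpg", ".png", ".docx", ".xlsx", ".pdf", ".sql", ".psd", ".mp3", ".zip", ".txt"}

def find_delete_bursts(events, window=timedelta(seconds=30), min_files=5, min_exts=3):
    """Return {process: peak deletions in one window} for processes that delete
    at least min_files targeted files covering min_exts distinct extensions.
    events: (timestamp, process, path) tuples sorted by timestamp."""
    recent = defaultdict(deque)  # process -> (timestamp, extension) inside the window
    flagged = {}
    for ts, proc, path in events:
        ext = PureWindowsPath(path).suffix.lower()
        if ext not in TARGETED:
            continue  # temp/cache cleanup is not user-generated content
        q = recent[proc]
        q.append((ts, ext))
        while ts - q[0][0] > window:  # drop deletions older than the window
            q.popleft()
        # Requiring several extensions separates a wiper sweeping a drive from
        # an application pruning files of its own single type.
        if len(q) >= min_files and len({e for _, e in q}) >= min_exts:
            flagged[proc] = max(flagged.get(proc, 0), len(q))
    return flagged

# Constructed sample telemetry; process names and paths are hypothetical.
BASE = datetime(2024, 1, 1, 12, 0, 0)

def _ev(sec, proc, path):
    return (BASE + timedelta(seconds=sec), proc, path)

SAMPLE_EVENTS = sorted(
    [_ev(i, "fake_update.exe", rf"C:\Users\a\Documents\f{i}{ext}")
     for i, ext in enumerate([".docx", ".xlsx", ".jpg", ".pdf", ".sql", ".PNG"])]
    + [_ev(i * 2, "photo_app.exe", rf"D:\Pictures\img{i}.jpg") for i in range(8)]
    + [_ev(i * 120, "explorer.exe", rf"C:\Users\a\Desktop\n{i}.txt") for i in range(3)]
    + [_ev(i, "cleanup.exe", rf"C:\Temp\t{i}.tmp") for i in range(20)]
)

if __name__ == "__main__":
    print(find_delete_bursts(SAMPLE_EVENTS))
```

Only the process that sweeps several content types within the window is flagged; the single-type, slow and non-targeted deletions in the sample are not.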

Dealing with the Pure Goof Wiper Infection

Unfortunately, once the Pure Goof Wiper has carried out its attack, the victim's data will be lost. It may be viable to recover some data from the Shadow Volume Copies, but generally, this will not work. Therefore, it is important to have file backups on external devices or in the cloud, which can then be used to recover from attacks like the Pure Goof Wiper or other threats that target the victims' data.
