Wiper
True to its name, Wiper has the ability to wipe a drive completely clean. This includes all data on that hard drive as well as Wiper's own code. This makes Wiper particularly difficult for PC security researchers to study, since any traces of this malware infection's code are gone after its payload hits. Like other highly publicized attacks in Iran such as Stuxnet and Flame, Wiper attacked the infrastructure of Iran's vital oil industry, making it possible for this malware threat to be linked to previous infections in more than one way.
Possible Links Between Wiper and Other, Similar Malware Threats
The link is all the more apparent because Wiper has quite a lot in common with these previous attacks. These similarities, however, are not strong enough to determine the connection. Still, researchers suspect that Wiper may be part of an attack on all fronts on Iranian infrastructure that may be carried out by Israel and the United States. ESG security researchers also suspect that Wiper may have served as a basis for the Shamoon malware threat, which is a bit less sophisticated and also responsible for large-scale malware attacks in the Middle East.
The Main Target of Wiper
Wiper targeted computers belonging to the National Iranian Oil Company and the Iranian Oil Ministry. The bulk of Wiper attacks were carried out in April of 2012. Wiper is designed to delete data and, unfortunately, due to the nature of this infection, Wiper is quite difficult to study. This is because no PC security researchers have been able to study Wiper's code directly, although it has been possible to study its effects on many of the attacked Iranian machines.
A Wiper attack wipes the victim's hard drives completely, leaving nothing in its wake. However, some PC security researchers have been able to pinpoint a specific Registry key left behind after a Wiper attack. Due to a specific string contained in this file, PC security researchers have linked Wiper to a previous malware infection known as DuQu, which also attacked computers in the Middle East. Another possible connection is the way Wiper first attacks files with the PNF extension, which are files that are used by Stuxnet and DuQu in their attacks. In fact, one possible theory on the nature of Wiper is that this malware attack was designed to go in and wipe all traces left behind by Stuxnet or DuQu after an attack.