Mystery 'Wiper' malware linked to 'Duqu', says security firm

[InfoSec News <alerts () infosecnews org>]

http://news.techworld.com/security/3379060/mystery-wiper-malware-linked-duqu-says-security-firm/

By John E Dunn
Techworld
03 September 2012

It appeared from nowhere last April, attacked computers in Iran and then 
destroyed almost all evidence of its existence. But what was the 
super-destructive malware now dubbed ‘Wiper’?

Evidence for the malware emerged in April after the Iranian Oil Ministry 
announced that some of its installations had been attacked by a ‘worm’ 
that was deleting numerous types of data files from hard drives.

At the time, security watchers were left guessing about what might have 
caused the attack but the fact that it appeared to be focused on Iran 
and the Middle East raised suspicions that this was another cyber-attack 
along the lines of 2010’s Stuxnet assault on the state's nuclear plants.

Researchers set about trying to pin down what had become known thanks to 
its data-destroying capabilities as ‘Wiper’ and today, as Kaspersky’s 
latest analysis makes plain, the evidence remains tantalising but 
fragmentary.

[...]