Wiper is the section (debated, see below) of the Shamoon agent (generally regarded as either a cyberweapon or at least as malware) responsible for destroying data on the target's hard disk (or similar storage) on systems running Microsoft Windows. Wiper is significant on its own, as it appears to have been incorporated into more than one agent, is difficult to detect, and resulted in the indirect detection of the Flame agent. The name shamoon in fact comes from a substring detected in what appears to be one of Wiper's search tables.
Symptoms and effects
The agent results in significant or total data loss on the system, including the agent's own executable code and data.
Because the agent erases enough of the target's storage systems to—by inclusion—erase itself, initial efforts to obtain reference taxa were difficult. It was while attempting to do this, prompted in part by concerns at (though not commissioned by ) the ITU that security research firm Kaspersky Lab identified the Flame agent.
Arguments continue on the exact relationships between Wiper, Shamoon, and Flame. Likewise, debate continues regarding whether any of these qualifies as a cyberweapon (the very definition of which is still up for debate, but is generally seen to mean development or commission by either a state or a non-state actor other than an organized criminal group).
- paganinip on August 19th, 2012 (2012-08-19). "Shamoon Malware, cyber espionage tool, cyber weapon or … | Security Affairs". Securityaffairs.co. Retrieved 2012-12-15.
- ITU. "FAQs on FLAME" (PDF). Archived from the original (PDF) on 15 May 2013.
- "Infosecurity - Kaspersky looks at the wreckage of Wiper malware". Infosecurity-magazine.com. 2012-08-29. Retrieved 2012-12-15.
- The perfect crime: Is Wiper malware connected to Stuxnet, Duqu?, August 29, 2012, Dan Goodin, Ars Technica