Jump to content

Wiper (malware)

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by BattyBot (talk | contribs) at 20:53, 8 February 2015 (Major incidents: Fixed author and/or language parameters in citation templates, General fixes using AWB (10810)). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Wiper is the section (debated, see below) of the Shamoon agent (generally regarded as either a cyberweapon or at least as malware) responsible for destroying data on the target's hard disk (or similar storage) on systems running Microsoft Windows. Wiper is significant on its own, as it appears to have been incorporated into more than one agent, is difficult to detect, and resulted in the indirect detection of the Flame agent. The name shamoon in fact comes from a substring detected in what appears to be one of Wiper's search tables.

Symptoms and effects

The agent results in significant or total data loss on the system, including the agent's own executable code and data.

Major incidents

In a discussion on 10 November 2012, General Keith B. Alexander, Director of the NSA/CSS, USCYBERCOM commanding, reported that Wiper had "destroyed computers in Iran" in April, 2012.[1]

History

Because the agent erases enough of the target's storage systems to—by inclusion—erase itself, initial efforts to obtain reference taxa were difficult.[citation needed] It was while attempting to do this, prompted in part by concerns at (though not commissioned by [2]) the ITU that security research firm Kaspersky Lab identified the Flame agent.[3]

Arguments continue on the exact relationships between Wiper, Shamoon, and Flame.[1] Likewise, debate continues regarding whether any of these qualifies as a cyberweapon (the very definition of which is still up for debate, but is generally seen to mean development or commission by either a state or a non-state actor other than an organized criminal group).

References

  1. ^ a b paganinip on August 19th, 2012 (2012-08-19). "Shamoon Malware, cyber espionage tool, cyber weapon or … | Security Affairs". Securityaffairs.co. Retrieved 2012-12-15.{{cite web}}: CS1 maint: numeric names: authors list (link)
  2. ^ http://www.itu.int/cybersecurity/Articles/FAQs_on_FLAME.pdf
  3. ^ "Infosecurity - Kaspersky looks at the wreckage of Wiper malware". Infosecurity-magazine.com. 2012-08-29. Retrieved 2012-12-15.