Wiper (malware)

Wiper is the section (debated, see below) of the Shamoon agent (generally regarded as either a cyberweapon or at least as malware) responsible for destroying data on the target's hard disk (or similar storage) on systems running Microsoft Windows. Wiper is significant on its own, as it appears to have been incorporated into more than one agent, is difficult to detect, and resulted in the indirect detection of the Flame agent. The name shamoon in fact comes from a substring detected in what appears to be one of Wiper's search tables.

Symptoms and effects

The agent results in significant or total data loss on the system, including the agent's own executable code and data.

Major incidents

In a discussion on 10 November 2012, General Keith B. Alexander, Director of the NSA/CSS, USCYBERCOM commanding, reported that Wiper had "destroyed computers in Iran" in April, 2012.^[1]

History

Because the agent erases enough of the target's storage systems to—by inclusion—erase itself, initial efforts to obtain reference taxa were difficult. It was while attempting to do this, prompted in part by concerns at (though not commissioned by ^[2]) the ITU that security research firm Kaspersky Lab identified the Flame agent.^[3]

Arguments continue on the exact relationships between Wiper, Shamoon, and Flame.^[1] Likewise, debate continues regarding whether any of these qualifies as a cyberweapon (the very definition of which is still up for debate, but is generally seen to mean development or commission by either a state or a non-state actor other than an organized criminal group).

References

External links

• The perfect crime: Is Wiper malware connected to Stuxnet, Duqu?, August 29, 2012, Dan Goodin, Ars Technica