Arik Hesseldahl

A New, Simpler Malware Outbreak Appears In Iran

Another new bit of malware has cropped up in Iran, maybe targeting computers associated with the Iranian nuclear research program, maybe not. That country’s Computer Emergency Response Team announced the discovery, and, as usual, computer security experts have been poring over the malware to see what it does.

Experts at Russia’s Kaspersky Labs say it’s pretty simple, and thus perhaps not directly connected to the more spectacular malware attacks launched in recent years on Iran by parties widely assumed to be the U.S. and Israel. This new one, dubbed GrooveMonitor, is a variant of a previously seen Trojan called Win32.Maya.a.

Its primary function is deleting Windows hard drive partitions, but it does so only within nine specific date ranges, each about two days long — starting with the period of December 10-12 of this year and ending with the period of February 2-4, 2015. On those dates, it waits for a little while and then deletes a range of hard drive partitions labeled with the letters D through I.

It may be a case of simplicity being the ultimate sophistication, as Leonardo da Vinci put it. If it does turn out to be the latest shot in the ongoing cyberwar campaign against Iran, it’s an interesting feint after a string of highly sophisticated digital weapons including Gauss — which aimed at stealing the bank and financial account information of people using targeted machines — and Flame, a sort of Swiss Army Knife of spying tools. Then, of course, there was Stuxnet itself, which caused Iranian nuclear centrifuges to spin out of control and explode. After years of finely tuned, expensive and carefully targeted cyber weapons, this one is more of a blunt instrument.

In being less than cutting-edge, the malware carries with it the cloak of plausible deniability. As is always the case with these incidents, attribution — figuring out the responsible party — is ridiculously tough. Since it’s a variant of a previously seen Trojan, the more skeptical view of the Iranian reports might attribute the outbreak to bad luck and poor maintenance. There’s also less of a chance that the world’s computer criminals will learn anything new and nasty from the uber-hackers at the CIA and Mossad. That means less chance — at least in this case — of unintended blowback down the road.
