Data Wiping Malware
With exception to Stuxnet, all of the recent big discoveries in malware trampling the Middle East have not been destructive. Duqu, Flame and Gauss among others all seem to be oriented towards spying as they feature the traditional key loggers, microphone enablers, etc. Yet another piece of malware has been found lurking about, this time in Saudi Arabian energy systems and its destructive. The malware has bounced between being named Shamoon and Wiper, based on strings found internally. In a nutshell, reverse engineers have discovered it uses a legitimate, signed driver (stolen) in order to gain low level disk access to perform a data wipe. A continued effort suggests the malware also exfiltrates infomation about the target computer to an internal node used as a single point of presence for assessing its destructive success. All of this is consolidated in a nice, neat little delivery package totaling only about 900kb.