Hard Drive Destruction

New computer virus wiping Iranian hard drives
Iranian technicians work at the Bushehr nuclear power plant in Iran / AP

Iranian technicians work at the Bushehr nuclear power plant in Iran / AP


A mysterious new computer virus has infected Iranian computers and is completely wiping users’ hard drives, according to Iranian officials.

The “efficient” virus is said to “wipe files on different drives in various predefined times” and cannot be detected by anti-virus software, Iran’s official Information Technology Organization revealed in a statement over the weekend.

The malware does not appear to be as sophisticated as previous viruses that have targeted computers governing Iran’s nuclear program, according to the statement.

However, the website Ars Technica reported that the virus bears similarities to previous programs used to spy on Iran:

Dubbed Batchwiper, the malware systematically wipes any drive partitions starting with the letters D through I, along with any files stored on the Windows desktop of the user who is logged in when it’s executed, according to security researchers who independently confirmed the findings. The reports come seven months after an investigation into another wiper program targeting the region led to the discovery of Flame, the highly sophisticated espionage malware reportedly designed by the US and Israel to spy on Iran. Wiper, as the earlier wiping program is known, shared a file-naming convention almost identical to those used by the state-sponsored Stuxnet and Duqu operations, an indication it may have been related, security researchers said.

The latest virus “is not considered to be widely distributed,” according to the statement released by Maher, Iran’s Computer Emergency Response Team Coordination Center.

“This targeted attack is simple in design and it is not any similarity to the other sophisticated targeted attacks,” according to the statement.

Separate reports indicate that the virus may have been deleting files for more than a week.

“According to Symantec, the batch file is programmed to wipe drives only on certain dates, with the next one being Jan. 21,” Ars Technica reported. “Previous dates listed in the file include Dec. 11, 12, and 13, suggesting the malware campaign may have been active for the past week and may already have inflicted damage.”

The virus is also reportedly capable of remaining on a person’s system after it has been fully rebooted.

Adam Kredo   Email Adam | Full Bio | RSS
Adam Kredo is senior writer for the Washington Free Beacon. Formerly an award-winning political reporter for the Washington Jewish Week, where he frequently broke national news, Kredo’s work has been featured in outlets such as the Jerusalem Post, the Jewish Telegraphic Agency, and Politico, among others. He lives in Maryland with his comic books. His Twitter handle is @Kredo0. His email address is kredo@freebeacon.com.

Get the news that matters most to you, delivered straight to your inbox daily.

Register today!