Iran CERT recently announced that it uncovered a possible targeted attack using a malware that wipes files that will run on certain predefined time frame. They noted its efficiency in performing its routines despite its simplistic design.

The way this malware was created was also deemed unusual, as the author wrote a series of batch files then used a utility to convert it into an executable file.

Detected by Trend Micro as TROJ_BATWIPER.A, we found that this Trojan is designed to delete files found on the desktop and drives D to I, particularly those that run on these specific dates:

• December 10-12, 2012
• January 21-23, 2013
• May 6-8, 2013
• July 22-24, 2013
• November 11-13, 2013
• February 3-5, 2014
• May 5-7, 2014
• August 11-13, 2014
• February 2-4, 2015

Read the rest of this entry »