Shamoon the Wiper – Copycats at Work
Earlier today, we received an interesting collection of samples from colleagues at another anti-malware company.
The samples are especially interesting because they contain a module with the following string:
Of course, the “wiper” reference immediately reminds us of the Iranian computer-wiping incidents from April 2012 that led to the discovery of Flame.
The malware is a 900KB PE file that contains a number of encrypted resources: