Shamoon the Wiper – Copycats at Work
Earlier today, we received an interesting collection of samples from colleagues at another anti-malware company.
The samples are especially interesting because they contain a module with the following string:
C:\Shamoon\ArabianGulf\wiper\release\wiper.pdb
Of course, the “wiper” reference immediately reminds us of the Iranian computer-wiping incidents from April 2012 that led to the discovery of Flame.
The malware is a 900KB PE file that contains a number of encrypted resources:
Story added 21 September 2012.