Shamoon the Wiper – Copycats at Work

Earlier today, we received an interesting collection of samples from colleagues at another anti-malware company.

The samples are especially interesting because they contain a module with the following string:


Of course, the “wiper” reference immediately reminds us of the Iranian computer-wiping incidents from April 2012 that led to the discovery of Flame.

The malware is a 900KB PE file that contains a number of encrypted resources:

Shamoon resources

Read more: Shamoon the Wiper – Copycats at Work

Story added 21. September 2012, content source with full text you can find at link above.