
Kaspersky Lab Publishes New Research on Destructive Malware, Wiper


turk-internet.com Staff
30 August 2012

Abingdon, UK, 30 August 2012 – Today, Kaspersky Lab publishes research resulting from the digital forensic analysis of the hard disk images obtained from the machines attacked by the Wiper – a destructive malware program attacking computer systems related to oil facilities in Western Asia. In May, Kaspersky Lab’s research team conducted a search prompted by the International Telecommunication Union to investigate the incidents and determine the potential threat from this new malware as it related to global sustainability and security.

The analysis provides insight into Wiper’s highly effective method of destroying computer systems, including its unique data wiping pattern and destructive behaviour. Although the search for Wiper resulted in the inadvertent discovery of Flame, Wiper itself was not discovered during the search and is still unidentified. In the meantime, Wiper’s effective way of destroying machines may have encouraged copycats to create destructive malware such as Shamoon, which appeared in August 2012.

Summary Findings:

  • Kaspersky Lab confirms that Wiper was responsible for the attacks launched on computer systems in Western Asia in April 2012.
  • Analysis of hard disk images of the computers destroyed by Wiper revealed a specific data wiping pattern together with a certain malware component name, which started with ~D. These findings are reminiscent of Duqu and Stuxnet, which also used filenames beginning with ~D, and were both built on the same attack platform, known as Tilded.
  • Kaspersky Lab began searching for other files starting with ~D via the Kaspersky Security Network (KSN) to try and find additional files of Wiper based on the connection with the Tilded platform.
  • During the process Kaspersky Lab identified a significant number of files in Western Asia named ~DEB93D.tmp. Further analysis showed this file was part of a different type of malware: Flame, which is how Kaspersky Lab discovered Flame.
  • Despite Flame being discovered during the search for Wiper, Kaspersky Lab’s research team believes Wiper and Flame are two separate and distinct malicious programs.
  • Although Kaspersky Lab analysed traces of the Wiper infection, the malware is still unknown because no additional wiping incidents that followed the same pattern occurred, and no detections of the malware have appeared in Kaspersky Lab’s proactive protection.
  • Wiper was extremely effective and could spark others to create new “copycat” types of destructive malware like Shamoon.

Alexander Gostev, Chief Security Expert at Kaspersky Lab, said:


    “Based on our analysis of the patterns Wiper left on examined hard disk images, there is no doubt that the malware existed and was used to attack computer systems in Western Asia in April of 2012, and probably even earlier – in December of 2011.

    Even though we discovered Flame during the search for Wiper, we believe that Wiper was not Flame but a separate and different type of malware.

    Wiper’s destructive behaviour combined with the filenames that were left on wiped systems strongly resembles a program that used the Tilded platform. Flame’s modular architecture was completely different and was designed to execute a sustained and thorough cyber-espionage campaign.

    We also did not identify any identical destructive behaviour that was used by Wiper during our analysis of Flame.”


Forensic Analysis of Wiped Computers

Kaspersky Lab’s analysis of the hard disk images taken from the machines destroyed by Wiper showed that the malicious program wiped the hard disks of the targeted systems and destroyed all data that could be used to identify the malware. The file system corruption caused by Wiper prevented computers from rebooting and caused improper general functioning. As a result, on every machine that was analysed, nothing was left after the activation of Wiper, and there was little chance of recovering or restoring any data.

However, Kaspersky Lab’s research did reveal valuable insight, including the specific wiping pattern used by the malware along with certain malware component names and, in some instances, registry keys that revealed previous file names that were wiped from the hard disk. These registry keys all pointed to filenames that began with ~D.

Unique Wiping Pattern

Analysis of the wiping pattern uncovered a consistent method that was used on each machine that Wiper was activated on. Wiper’s algorithm was designed to quickly destroy as many files as effectively as possible – multiple gigabytes at a time. About three out of four targeted machines had their data completely wiped. The operation focused on destroying the first half of the disk, then systematically wiped the remaining files that are required for the system to function properly, leading to the system finally crashing. In addition, Kaspersky Lab is aware of Wiper attacks that targeted PNF files, which would be meaningless if not related to the removal of additional malware components. This was also an interesting finding, since Duqu and Stuxnet kept their main body encrypted in PNF files.

How the Search for Wiper Led to the Discovery of Flame

Temporary files (TMP) beginning with ~D were also used by Duqu, which was built on the same attack platform as Stuxnet: the Tilded platform. Based on this information, the research team started looking for other potentially unknown filenames related to Wiper based on the Tilded platform. They used KSN – the cloud infrastructure used by Kaspersky Lab products to report telemetry and to deliver instant protection in the form of blacklists and heuristic rules designed to catch the newest threats. During this process, Kaspersky Lab’s research team found that several computers in Western Asia contained the filename “~DEB93D.tmp”, which is how Kaspersky Lab discovered Flame; however, Wiper was not found using this method and is still unidentified.
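
The filename hunt described above can be illustrated with a small frequency-stacking script. This is an added example, not Kaspersky Lab's tooling or KSN's actual method: the record format, host names, paths and the `min_hosts` threshold are assumptions, and only the `~D` prefix, the TMP file type and the name `~DEB93D.tmp` come from the article.

```python
import ntpath
from collections import defaultdict

# Constructed sample telemetry: (host id, full path of a file reported by that host).
# Host ids and paths are made up; only the name ~DEB93D.tmp comes from the article.
SAMPLE_TELEMETRY = [
    ("host-01", r"C:\Windows\Temp\~DEB93D.tmp"),
    ("host-02", r"C:\WINDOWS\TEMP\~DEB93D.tmp"),
    ("host-03", r"C:\Windows\Temp\~DEB93D.tmp"),
    ("host-03", r"C:\Windows\Temp\~DEB93D.tmp"),   # duplicate report from the same host
    ("host-04", r"C:\Users\a\AppData\Local\Temp\~DF1A2B.tmp"),
    ("host-05", r"C:\Windows\Temp\~WRD0001.tmp"),  # does not start with ~D
    ("host-06", r"C:\Data\~Draft.docx"),           # ~D prefix, but not a TMP file
    ("host-07", "/var/tmp/~DEB93D.tmp"),           # forward slashes are handled too
]


def is_tilde_d_tmp(path):
    """True when the file name starts with ~D and has a .tmp extension.

    Assumption: the prefix is matched exactly, the extension case-insensitively.
    """
    name = ntpath.basename(path)  # ntpath splits on both "\\" and "/"
    return name.startswith("~D") and name.lower().endswith(".tmp")


def stack_tilde_d_names(records, min_hosts=2):
    """Rank ~D*.tmp file names by the number of distinct hosts reporting them.

    Names seen on fewer than min_hosts hosts are dropped, so a name that
    recurs across many machines stands out from one-off temp files.
    """
    hosts_by_name = defaultdict(set)
    for host, path in records:
        if is_tilde_d_tmp(path):
            hosts_by_name[ntpath.basename(path)].add(host)
    ranked = [(n, len(h)) for n, h in hosts_by_name.items() if len(h) >= min_hosts]
    return sorted(ranked, key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    for name, count in stack_tilde_d_names(SAMPLE_TELEMETRY):
        print(f"{name}: reported by {count} distinct hosts")
```

Counting distinct hosts rather than raw reports keeps one noisy machine from inflating a name's rank.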
