ZeroCleare – New Destructive Wiper Malware Targets Energy Sector in Middle East

IBM X-Force Incident Response and Intelligence Services (IRIS) has been tracking a new destructive malware campaign dubbed ZeroCleare. X-Force IRIS has been following the evolution of destructive, disk-wiping malware since the first Shamoon attacks during the summer of 2012, and recently discovered ZeroCleare being used to execute a destructive attack on organizations in the energy and industrial sectors in the Middle East. According to IRIS, ZeroCleare bears some similarity to the Shamoon malware, and aims to overwrite the master boot record (MBR) and disk partitions on Windows-based machines using a legitimate toolkit (EldoS RawDisk) for interacting with files, disks and partitions. It is believed that ZeroCleare attacks are not opportunistic and appear to be targeted operations against specific organizations. Read more details about ZeroCleare at SecurityIntelligence