Researchers Unable to Link Mysterious Wiper Malware to Flame

After further analyzing the traces of the mysterious Wiper malware, researchers are still unable to precisely determine how it works. They also haven’t been able to find a clear link between it and Duqu, Stuxnet or Flame.

Back in April, the Iranian Oil Ministry reported sightings of a destructive piece of malware that attempted to extract information and then wipe it from the infected devices, hence the name Wiper.

Kaspersky was called in to analyze the attack that took place sometime between April 21 and April 30. The malware’s developers destroyed all the pieces of information that could be used to properly analyze Wiper.

However, their investigation led them to another interesting thing: the now-infamous Flame.

“The malware was so well written that once it was activated, no data survived,” Kaspersky experts explained.

“So, although we’ve seen traces of the infection, the malware is still unknown because we have not seen any additional wiping incidents that followed the same pattern as Wiper, and no detections of the malware have appeared in the proactive detection components of our security solutions.”

They claim that we may never find out precisely what Wiper was and although it led them to discover Flame, they believe that the two are not connected.

Some common filenames indicate a possible connection to Duqu and Stuxnet, but there isn’t enough evidence to say this for sure.

Furthermore, experts believe that the creators of Shamoon, the recently discovered malware, have been inspired by Wiper to develop their own Trojan.

“The fact that the use of Wiper led to the discovery of the 4- or 5-year-old Flame cyber-espionage campaign raises a major question. If the same people who created Duqu/Stuxnet/Flame also created Wiper, was it worth blowing the cover of a complex cyber-espionage campaign such as Flame just to destroy a few computer systems?” experts concluded.