Iran cyber attack
An analyst looks at code in the malware lab of a cyber security defence lab at the Idaho National Laboratory in Idaho Falls, Idaho, in this 29 September, 2011 file photo - Reuters Reuters

Iranian computers are facing a fresh threat from a newly unleashed "targeted data wiping malware" dubbed as Batchwiper.

Although the virus appears not to be as devastating as the previous ones, it threatens to wipe out the data from the infected computers.

An alert has been issued by Maher, Iran's Computer Emergency Response Team Coordination Centre (CERTCC), saying the malware is thought to be present in the country's computers for at least two months.

"Despite its simplicity in design, the malware is efficient and can wipe disk partitions and user profile directories without being recognised by anti-virus software," the CERTCC said in a statement.

The malware effectively slips into computers without being noticed by anti-virus programs due to its disguise under a genuine Microsoft Office 2007 document MS Office Groove. The malware installer, also known as dropper, has been identified as "GrooveMonitor.exe" along with four other similar malware installers.

The malware threatens to erase the data from hard drive partitions which start with the letters D through I.

"Primitive analysis revealed that this malware wipes files on different drives in various predefined times. This targeted attack is simple in design and it is not any similarity to the other sophisticated targeted attacks," said the Centre.

Anti-virus security firm AlienVault, confirming the presence of the malware, said: "We don't have details about the infection vector but based on the dropper it could be deployed using USB drives, internal actors, SpearPhishing or probably as the second stage of a targeted intrusion," adding that the code of the malware is "very simple."

The malware is designed in such a way that it kicks off its destruction on a specific date and the next one is scheduled to start on 21 January, 2013.

"There's no connection to any of the previous wiper-like attacks we have seen. We also don't have any reports of this malware from the wild," a senior researcher at Kaspersky Lab, Roel Schouwenberg writes in a blog post.

Iran had been under high-profile cyber attacks earlier, allegedly launched by its adversaries Israel and the US over Tehran's controversial nuclear programme.

It was revealed recently that Tehran has decided to establish a separate headquarters to combat the cyber war apart from honing its cyber-weapons.

Microsoft Israel