The malware has attacked many sectors, such as energy and infrastructure, mainly in Middle Eastern countries. These attacks are believed to be carried out by an Iranian government hacking group.
Researchers say ZeroCleare shows similarities to another disk-wiping malware, Shamoon, which carried out its attacks using the image of a burning dollar.
ZeroCleare's main goal is to overwrite the Master Boot Record (MBR) and disk partitions on Windows computers. Using EldoS RawDisk, a legitimate tool for interacting with files, disks, and partitions, it attempts to wipe the MBR and damage disk partitions.
The Middle East is often the victim of such attacks in the energy and industrial sectors, and there are a number of cases where various countries are attacking their rivals.
ZeroCleare comes in two versions, one for each Windows architecture (32-bit and 64-bit), but only one was functional. The 32-bit version is supposed to work with the EldoS RawDisk program installed.
Researchers observed various files in the malware's arsenal that infected devices with ZeroCleare and spread through compromised networks.
In the final step, ZeroCleare runs automatically under the file name ClientUpdate.exe, which runs with the legitimate license key for the EldoS RawDisk program and proceeds to the disk-wiping phase.