Sharpknot Wiper Trojan
US-CERT has issued an alert over a trojan dubbed Sharpknot that wipes Master Boot Record (MBR) and files on infected machines.
At present it is unclear how Sharpknot is delivered, although it is likely that several other HIDDEN COBRA tools are used to install it during their own infection processes.
When executed from the command line, Sharpknot will first attempt to overwrite the Master Boot Record of the affected device. Once this is done it will enumerate the available local, network and removable drives before overwriting these.
Further technical details here.
Affected Platforms:
Microsoft Windows – All versions
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.