Evidence for the malware emerged in April after the Iranian Oil Ministry announced that some of its installations had been attacked by a ‘worm’ that was deleting numerous types of data files from hard drives.
Because the malware was designed to remove all traces of its existence, the job of hunting it down has proved hard work. The company’s best guess is that it was written on what is called the ‘Tilded’ cyber-malware platform which means it must be related to Stuxnet malware and its mysterious companion, Duqu.
The evidence? Mainly, tiny pointers that Wiper had named a registry key using the same file-naming format as Duqu as well as forensic evidence that it did the same for its temp files.