Recently, the Iranian CERT (Maher Center) released information about a new identified targeted malware with wiping capabilities. The piece of code is very simple and it deletes files on different drives on specific dates. Below is an analysis on the malware by Jaime Blasco, Labs Manager at AlienVault:
When the installer is executed, it adds a registry entry that ensures the malware's persistence across system reboots and creates a Windows batch file containing the data wiping routine.
Because of its use of batch files -- script files to be executed by the Windows shell program -- the malware has been dubbed "Batchwiper."
It's not clear how the malware is being distributed. The dropper could be deployed using several vectors, ranging from spearphishing emails, infected USB drives, some other malware already running on computers, or an internal actor uploading it to network shares.
Based on the analysis we did we couldn't find any connection between Shamoon and this wiping malware discovered by the Iranian Cert. Based on the simplicity of this new threat I would say that the wiping malware that leaded to the discovery of Flame isn't also related to this new threat, based on the details that were released at that time.
For some reason several actors are using malware with wiping capabilities in the Middle East. I don't know the reason but we can also say that all of them - Shamoon, this new one, etc - are very simple and don't represent a serious threat. Nevertheless the malware can do a lot of damage if the wiping routines are executed.