UPDATED 15:30 EDT / AUGUST 20 2012


New Shamoon Malware Attacks: Possible American Script Kiddies?

Cyber security experts are warning of a particularly destructive new malware that steals data then attempts to cover its tracks by crippling the host computer.

The malware, which has been separately dubbed “Shamoon” and “Disttrack”, has reportedly been used in targeted attacks against a number of firms and specific individuals, and once again these targets appear to be centered in the Middle East.

Shamoon, so-called because of a file name identified within its code, has the potential to cause enormous damage because once it gets inside an internal network, it’s able to affect all computers within that sphere, collecting their files and transferring them to an unknown server before erasing them all from the hosts.

It’s rumoured that Shamoon is responsible for last week’s attack on the Saudi oil company Aramco, which had to shut down its main system following an attack by unspecified malware.

Symantec reported that Shamoon has so far attacked 50 computers worldwide.

One of the unusual things about Shamoon is that not only does it erase everything it steals, but it goes further, overwriting the host computer’s master boot record and preventing it from starting up.

This unique ‘feature’ of the spyware has led to much speculation within the industry about who or what could be behind Shamoon. It might be that the malware acts as some kind of “cleanup” tool to disguise the presence of a previous infection, or alternatively it could be that Shamoon is just the work of amateurs.

According to Kaspersky Lab, Shamoon shares many similarities with the recently discovered Gauss and with the Flame virus, which successfully managed to evade security experts for five years before it was identified. Both incorporate something called a “wiper” feature that allows them to clean up all traces of their activity on an infected computer. However, Kaspersky says that the “wipers” found in Shamoon and Flame are totally different.

“It is more likely that this is a copycat, the work of script kiddies inspired by the [Flame] story,” said the company in its blog.

One clue to the origins of Shamoon could come from an image snippet it uses to overwrite all of the documents and files it finds in infected machines – pictured on Symantec’s website, the image snippet appears to contain an American flag.

