The Hacker News Logo
Subscribe to Newsletter

Shamoon Malware : Permanently wiping data from Energy Industry Computers

Malware researchers have uncovered an attack targeting an organization in the energy industry that attempts to wreak havoc by permanently wiping data from an infected computer's hard drive and rendering the machine unusable. Symantec would not name the victimized firm, and so far has seen the attack only in this one organization.

W32.Disttrack is a new threat that is being used in specific targeted attacks against at least one organization in the energy sector. It is a destructive malware that corrupts files on a compromised computer and overwrites the MBR (Master Boot Record) in an effort to render a computer unusable.

W32.Disttrack consists of several components:
  1. Dropper—the main component and source of the original infection. It drops a number of other modules.
  2. Wiper—this module is responsible for the destructive functionality of the threat.
  3. Reporter—this module is responsible for reporting infection information back to the attacker.
"Ten years ago we used to see purely malicious threats like this," muses Symantec researcher Liam O Murchu. The likely scenario for the victim would be an experience in which the computer is booting up, but all the files get erased, and the computer collapses into a non-bootable state.

Saudi Arabia-based Saudi Aramco, the world’s largest crude exporter, was reportedly hit by a computer virus this week that entered its network through personal computers. Shamoon is unusual because it goes to great lengths to ensure destroyed data can never be recovered, something that is rarely seen in targeted attacks. It has self-propagation capabilities that allow it to spread from computer to computer using shared network disks. It overwrites disks with a small portion of a JPEG image found on the Internet.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.