Data-destroying malware found targeting energy companies


by Steve Evans| 17 August 2012

Shamoon doesn't steal data but wipes important files and kills PCs

Security researchers have uncovered malware targeting companies in the energy sector - but instead of stealing sensitive information, it looks to disable infected PCs.

The malware was spotted by Symantec, who have dubbed it Disttrack or Shamoon. It has targeted at least one company in the energy sector and works by corrupting important files on an infected machine and then overwriting the MBR (Master Boot Record), which can render a PC unusable.

According to McAfee, the data is lost permanently and the machine is not recoverable.

No further information has been given on who the target was or how destructive the malware has been.

Earlier this week it was reported by Bloomberg that Saudi oil company Aramco was recovering after its computers were infected with a virus. It is not clear if the two are related however. What is clear though is that companies in the Middle East are increasingly the target of cyber attacks from the likes of Israel and the US. Flame, Stuxnet, Duqu and more have all been spotted causing havoc across the Middle East.

Shamoon contains three modules, according to Symantec. The first of these is called Dropper, which is the source of the infection and installs the other modules of infected PCs. The second is called Wiper, which destroys the data and the PC and finally Reporter, which sends details of its activity back to base.

The second of these modules, Wiper, brings to mind the malware of the same name that targeted Iranian facilities earlier this year. It was found to be deleting sensitive information regarding Iran nuclear capabilities. It was while researching the original Wiper that Kaspersky Lab found Flame, described as the most sophisticated malware ever created.

However Kaspersky researchers have claimed that this new Wiper is unrelated to the original. "It is more likely that this is a copycat, the work of a script kiddies inspired by the story," the company said.

Symantec added that, "threats with such destructive payloads are unusual and are not typical of targeted attacks."

Post a comment

Comments may be moderated for spam, obscenities or defamation.

Join our network

792 people like this.
2214 people follow this.

Malware Intelligence

Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.