Shamoon doesn't steal data but wipes important files and kills PCs
Security researchers have uncovered malware targeting companies in the energy sector - but instead of stealing sensitive information, it looks to disable infected PCs.
The malware was spotted by Symantec, who have dubbed it Disttrack or Shamoon. It has targeted at least one company in the energy sector and works by corrupting important files on an infected machine and then overwriting the MBR (Master Boot Record), which can render a PC unusable.
According to McAfee, the data is lost permanently and the machine is not recoverable.
No further information has been given on who the target was or how destructive the malware has been.
Earlier this week it was reported by Bloomberg that Saudi oil company Aramco was recovering after its computers were infected with a virus. It is not clear, however, whether the two are related. What is clear is that companies in the Middle East are increasingly the target of cyber attacks from the likes of Israel and the US. Flame, Stuxnet, Duqu and more have all been spotted causing havoc across the Middle East.
Shamoon contains three modules, according to Symantec. The first of these is called Dropper, which is the source of the infection and installs the other modules on infected PCs. The second is called Wiper, which destroys the data and the PC, and the third is Reporter, which sends details of its activity back to base.
The second of these modules, Wiper, brings to mind the malware of the same name that targeted Iranian facilities earlier this year. It was found to be deleting sensitive information regarding Iran's nuclear capabilities. It was while researching the original Wiper that Kaspersky Lab found Flame, described as the most sophisticated malware ever created.
However, Kaspersky researchers have claimed that this new Wiper is unrelated to the original. "It is more likely that this is a copycat, the work of script kiddies inspired by the story," the company said.
Symantec added that, "threats with such destructive payloads are unusual and are not typical of targeted attacks."