Wednesday, March 22, 2017

New Shamoon malware Steals and Wipes PCs

A new piece of malware dubbed “Shamoon” is on the loose. It penetrates a system attached to the internet and then spreads to other PCs within that network, including ones without a web connection.

So far, at least one organization has been attacked: Saudi Arabia’s national oil company.

“[Shamoon] is a new threat that is being used in specific targeted attacks against at least one organization in the energy sector,” a Symantec security blog post stated.

“It is a destructive malware that corrupts files on a compromised computer and overwrites the MBR in an effort to render the computer unusable.”

Shamoon, also known as Disttrack, nabs data from PC folders like “Documents and Settings” and “System32/Config,” stealing information as other malware does.

However, what’s different about Shamoon is that it’s able to overwrite the master boot record (MBR) of the machines it infiltrates, crippling them completely.

In the case of the Saudi oil company, stolen data was replaced with JPEG images, preventing any future file recovery.

Analysts think Shamoon is a copycat, taking cues from the “Wiper” virus that swept through Iran in April, though they believe there is no connection between the two.

Shamoon is likely “the work of script kiddies inspired by the story.”

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.
