Shamoon,[lower-alpha 1] also known as Disttrack, is a modular computer virus discovered in 2012 that attacks computers running the Microsoft Windows operating system. The virus is being used for cyber espionage in the energy sector. Its discovery was announced on 16 August 2012 by Symantec, Kaspersky Lab and Seculert. Similarities have been highlighted by Kaspersky Lab and Seculert between Shamoon and the flame malware.
The virus has been noted as unique for having differing behaviour from other malware cyber espionage attacks. Shamoon is capable of spreading to other computers on the network, through exploitation of shared hard drives. Once a system is infected, the virus continues to compile a list of files from specific locations on the system, erase and then send information about these files back to the attacker. Finally, the virus will overwrite the master boot record of the system to prevent it from booting.
The virus has hit companies within the oil and energy sectors. A group named "Cutting Sword of Justice" claimed responsibility for an attack on 30,000 Saudi Aramco workstations, causing the company to spend a week restoring their services. The group later indicated that the Shamoon virus had been used in the attack. Computer systems at RasGas were also knocked offline by an unidentified computer virus, with some security experts crediting Shamoon for the damage.
Notes[edit | edit source]
- "Shamoon" is part of a directory string found in the viruses Wiper component.
References[edit | edit source]
- "Shamoon virus attacks Saudi oil company". Digital Journal. August 18, 2012. http://www.digitaljournal.com/article/331033. Retrieved August 19, 2012.
- "The Shamoon Attacks". Symantec. 16 August 2012. http://www.symantec.com/connect/blogs/shamoon-attacks. Retrieved August 19, 2012.
- "Shamoon virus targets energy sector infrastructure". BBC News. 17 August 2012. http://www.bbc.co.uk/news/technology-19293797. Retrieved August 19, 2012.
- "Shamoon the Wiper — Copycats at Work". August 16, 2012. http://www.securelist.com/en/blog/208193786/Shamoon_the_Wiper_Copycats_at_Work. Retrieved August 19, 2012.
- "Shamoon, a two-stage targeted attack". Seculert. August 16, 2012. http://blog.seculert.com/2012/08/shamoon-two-stage-targeted-attack.html. Retrieved August 19, 2012.
- "Exhibitionist Shamoon virus blows PCs' minds". The Register. August 17, 2012. http://www.theregister.co.uk/2012/08/17/shamoon_malware_energy/. Retrieved August 19, 2012.
- "Virus knocks out computers at Qatari gas firm RasGas". CNET. August 30, 2012. http://news.cnet.com/8301-1009_3-57503641-83/virus-knocks-out-computers-at-qatari-gas-firm-rasgas/. Retrieved September 1, 2012.
- "Computer virus hits second energy firm". BBC News. August 31, 2012. http://www.bbc.co.uk/news/technology-19434920. Retrieved September 1, 2012.