


Attack vector differs slightly from "Wiper", the malware used to attack the Iranian oil industry

Using a malware package named "Flame" with tools bearing names like "Wiper", U.S. and Israeli intelligence teams are suspected of a concerted campaign designed to cripple Iran's oil industry, a key supplier to China and the lifeblood of the Middle Eastern giant's economy.

But now the U.S. energy sector finds itself under attack by a somewhat similar piece of malware dubbed Shamoon or Disttrack by researchers at Symantec Corp. (SYMC) and Intel Corp. (INTC) subsidiary McAfee.

The malware is named for its resident directory -- C:\Shamoon\ArabianGulf\wiper\release\wiper.pdb  -- which, of course, is likely to change as new variants pop up.  Shamoon means "Simon" in Arabic.  There's also Shamoon College of Engineering in Israel -- another possible local name connection.

The malware's compilation directory contains the string "wiper", making it clear that the authors intended it as at least a homage to the Iran-targeting Wiper.  But Kaspersky Lab says that unlike Stuxnet -- where the U.S.'s anti-Iranian code was decompiled and used by malicious hackers -- the new malware is likely only an imitation, not a repackaging.
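The path quoted above is the kind of build artifact a defender can pull out of a suspect file during triage. The following is an added example, not code from the article or from the vendors it cites: it assumes the path sits in a CodeView "RSDS" debug record (the way current Microsoft toolchains embed a PDB path), and the function names, the generic-name list and the sample bytes are constructed for illustration. Because the article notes the path is likely to change between variants, it compares path components rather than only the full string.

```python
import re
import struct
import uuid

# Path string quoted in the article.
ARTICLE_PDB = r"C:\Shamoon\ArabianGulf\wiper\release\wiper.pdb"

# CodeView RSDS record: "RSDS", 16-byte GUID, 4-byte age, NUL-terminated path.
RSDS = re.compile(rb"RSDS(.{16})(.{4})([\x20-\x7e]{1,260})\x00", re.DOTALL)

# Directory names too common in build trees to mean anything on their own
# (an assumed list, extend as needed).
GENERIC = {"release", "debug", "x64", "x86", "bin", "obj", "src"}


def extract_pdb_records(blob):
    """Return (guid, age, path) for each RSDS record found in a byte blob."""
    records = []
    for m in RSDS.finditer(blob):
        guid = str(uuid.UUID(bytes_le=m.group(1)))
        (age,) = struct.unpack("<I", m.group(2))
        records.append((guid, age, m.group(3).decode("ascii")))
    return records


def distinctive(path):
    """Lower-cased path components, minus drive letters and generic names."""
    parts = [p.lower() for p in re.split(r"[\\/]", path) if p]
    return {p for p in parts if not p.endswith(":") and p not in GENERIC}


def classify(path, reference=ARTICLE_PDB):
    """'exact' on a full match, 'partial' on shared components, else 'none'."""
    if path.lower() == reference.lower():
        return "exact"
    return "partial" if distinctive(path) & distinctive(reference) else "none"


def triage(blob):
    """Classify every PDB path embedded in the blob."""
    return [(path, classify(path)) for _, _, path in extract_pdb_records(blob)]


def make_sample(path):
    """Constructed test input: filler bytes around one RSDS record."""
    record = b"RSDS" + bytes(range(16)) + struct.pack("<I", 1) + path.encode() + b"\x00"
    return b"MZ" + b"\x00" * 64 + record + b"\x00" * 16
```

A "partial" result is a lead for an analyst, not a verdict: a directory named "wiper" can also appear in legitimate disk-erasure tools, and a build path is trivially changed or stripped.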

The code uses different file and service names than the original Wiper.  It also uses a different attack pattern, though the net goal is the same -- to destroy hard drive data on infected energy sector computers.

Kaspersky Lab's analysis team writes, "It is more likely that this is a copycat, the work of script kiddies inspired by the story."

But if script kiddies wrote the malware, they must be some pretty good ones.  The malware has advanced networked propagation code, and overwrites the hard drive with a JPEG image found on the internet, preventing data recovery.  While not exactly rocket science, those little touches are the kinds of sophistication oft overlooked by novice hackers.

[Image: Shamoon may have struck Saudi Arabia's oil industry, though infections are limited. Source: CNBC]

The state-owned Saudi Arabian Oil Comp., the world's largest oil producer and privately held company, announced this week that it was struck by a malware attack.  It was unclear, however, whether Shamoon or a similar variant was responsible for the attack on one of America's largest foreign oil suppliers.

What is clear, based on expert reports, is that the extent of infections is small, with Symantec reporting fewer than 50 systems infected.

Sources: Symantec, McAfee




The United States...
By MrBlastman on 8/17/2012 1:17:58 PM , Rating: 5
Exports 440,000 more barrels of oil a day than it imports.

http://science.time.com/2012/03/08/0-44-million-ba...

Think about it. We're at a surplus--and we're exporting... why? Something is wrong with this picture. Something is also wrong with oil prices at the moment.

The Bakken shale formation is huge! People are becoming instant-millionaires from it.




RE: The United States...
By ZorkZork on 8/17/2012 2:54:17 PM , Rating: 2
RE: The United States...
By kattanna on 8/17/2012 2:56:06 PM , Rating: 4
quote:
petroleum products


That's very different than crude oil, which is the base stock from which the products are made.


RE: The United States...
By MrBlastman on 8/17/2012 10:02:35 PM , Rating: 3
This is true. The Bakken formation will change the crude game too, thankfully. Just give it time. We've got more than enough here to sustain us just fine.


RE: The United States...
By Schadenfroh on 8/18/12, Rating: -1
RE: The United States...
By MrBlastman on 8/19/2012 1:16:33 AM , Rating: 2
I think it'd be pretty neat to turn on my water faucet and light the water on fire. They're pumping a lot of methane into the ground... oh well. Cool stuff!

The sooner we can become energy independent, the better.

Good luck with your rainbows and sunshine. We're decades or more away from space based power--the one true method of solar generation.


RE: The United States...
By tamalero on 8/18/2012 2:14:04 PM , Rating: 2
Mexico sells almost all its oil to the USA, and buys it back as derivatives (gas, turbosine, etc.)


RE: The United States...
By dsquare86 on 8/19/2012 6:29:41 AM , Rating: 2
My car runs on happy thoughts, unicorns, and rainbows. Also, forgot to mention sunshine.


RE: The United States...
By DT_Reader on 8/20/2012 5:37:40 PM , Rating: 1
How many miles per unicorn are you getting? Rainbows are hard enough to capture, but the unicorns are a bitch to find let alone catch, so I had to go back to powering my car with dreams and visions.


RE: The United States...
By Dr of crap on 8/20/2012 11:37:12 AM , Rating: 2
You DO KNOW that trading of oil futures is where the money is being made, and plenty of it and THAT'S where the price control is.

You can downplay it all you want, but in the end remove futures trading and we'd be at least a $1 less per gallon, maybe more.


Oh great
By augiem on 8/17/2012 2:35:50 PM , Rating: 3
Another excuse for gas to jump $.50/gal.




RE: Oh great
By BZDTemp on 8/17/2012 6:36:56 PM , Rating: 2
Still cheap compared to the past when you factor in the buying value of a $, not to mention even the worst cars use less fuel than a decade ago.


'Shamoon' You know it...C'mon
By 225commander on 8/20/2012 10:35:57 AM , Rating: 2
Anyone else hear MJ's voice in the background when reading this article,
'Shamon' You know it...

Maybe I just need more coffee this morning..and higher gas prices too!

















