
Attack vector differs slightly from "Wiper", the malware used to attack the Iranian oil industry

U.S. and Israeli intelligence teams are suspected of a concerted campaign, using a malware package named "Flame" with tools bearing names like "Wiper", to cripple Iran's oil industry, a key supplier of Chinese demand and the lifeblood of the Middle Eastern giant's economy.

But now the U.S. energy sector finds itself under attack by a somewhat similar piece of malware dubbed Shamoon or Disttrack by researchers at Symantec Corp. (SYMC) and Intel Corp. (INTC) subsidiary McAfee.

The malware is named for its resident directory -- C:\Shamoon\ArabianGulf\wiper\release\wiper.pdb  -- which, of course, is likely to change as new variants pop up.  Shamoon means "Simon" in Arabic.  There's also Shamoon College of Engineering in Israel -- another possible local name connection.

The malware's compilation directory contains the string "wiper", making it clear that the authors intended it as at least a homage to the Iran-targeting Wiper.  But Kaspersky Lab says that unlike Stuxnet -- where the U.S.'s anti-Iranian code was decompiled and used by malicious hackers -- the new malware is likely only an imitation, not a repackaging.

The code uses different file and service names than the original Wiper.  It also uses a different attack pattern, though the net goal is the same -- to destroy hard drive data on infected energy sector computers.

Kaspersky Lab's analysis team writes, "It is more likely that this is a copycat, the work of script kiddies inspired by the story."

But if script kiddies wrote the malware, they must be some pretty good ones.  The malware has advanced networked propagation code, and overwrites the hard drive with a JPEG image found on the internet, preventing data recovery.  While not exactly rocket science, those little touches are the kinds of sophistication oft overlooked by novice hackers.

[Image: Saudi Arabia. Caption: Shamoon may have struck Saudi Arabia's oil industry, though infections are limited. Image source: CNBC]

The state-owned Saudi Arabian Oil Comp., the world's largest oil producer and privately held company, announced this week that it was struck by a malware attack.  It was unclear, however, whether Shamoon or a similar variant was responsible for the attack on one of America's largest foreign oil suppliers.

What is clear, based on expert reports, is that the extent of infections is small, with Symantec reporting fewer than 50 systems infected.

Sources: Symantec, McAfee



Comments

RE: The United States...
By Schadenfroh on 8/18/2012 9:48:54 AM , Rating: -1
Why should we poison our country by exposing these harsh chemicals to the environment? Better to let foreigners poison their lands. The increase in fuel prices will force fat consumers to walk or bike to work instead of driving their SUVs. Once gas is $10 a gallon, alternative fuels like rainbows and sunshine can be realized.


RE: The United States...
By MrBlastman on 8/19/2012 1:16:33 AM , Rating: 2
I think it'd be pretty neat to turn on my water faucet and light the water on fire. They're pumping a lot of methane into the ground... oh well. Cool stuff!

The sooner we can become energy independent, the better.

Good luck with your rainbows and sunshine. We're decades or more away from space based power--the one true method of solar generation.


Copyright 2014 DailyTech LLC.