
Attack vector differs slightly from that of "Wiper", the malware used to attack the Iranian oil industry

Using a malware package named "Flame", with tools bearing names like "Wiper", U.S. and Israeli intelligence teams are suspected of a concerted campaign designed to cripple Iran's oil industry, a key supplier of Chinese demand and the lifeblood of the Middle Eastern giant's economy.

But now the U.S. energy sector finds itself under attack by a somewhat similar piece of malware dubbed Shamoon or Disttrack by researchers at Symantec Corp. (SYMC) and Intel Corp. (INTC) subsidiary McAfee.

The malware is named for its resident directory -- C:\Shamoon\ArabianGulf\wiper\release\wiper.pdb  -- which, of course, is likely to change as new variants pop up.  Shamoon means "Simon" in Arabic.  There's also Shamoon College of Engineering in Israel -- another possible local name connection.

The malware's compilation directory contains the string "wiper", making it clear that the authors intended it as at least an homage to the Iran-targeting Wiper.  But Kaspersky Lab says that unlike Stuxnet -- where the U.S.'s anti-Iranian code was decompiled and used by malicious hackers -- the new malware is likely only an imitation, not a repackaging.
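
As an added illustration (not code from the article or from the vendors it cites): a build path like the one quoted above is stored in a Windows executable's CodeView "RSDS" debug record, which a defender can read statically without running the file. The function names, keyword list and sample bytes are assumptions constructed for this example; the sample is a byte string built inline, not a real executable, and because the article notes the path is likely to change in new variants, a keyword hit is a triage hint only.

```python
import re
import struct
import uuid

# CodeView "RSDS" debug record: signature, 16-byte GUID, 4-byte age,
# then the NUL-terminated PDB path the linker recorded at build time.
RSDS = re.compile(rb"RSDS(.{16})(.{4})([\x20-\x7e]{1,260})\x00", re.DOTALL)

def extract_pdb_records(data: bytes):
    """Return (guid, age, pdb_path) for every RSDS record found in data."""
    records = []
    for m in RSDS.finditer(data):
        guid = uuid.UUID(bytes_le=m.group(1))
        (age,) = struct.unpack("<I", m.group(2))
        records.append((str(guid), age, m.group(3).decode("ascii")))
    return records

def flag_pdb_paths(data: bytes, keywords=("wiper", "shamoon")):
    """Return PDB paths with a component containing a keyword (case-insensitive)."""
    hits = []
    for _guid, _age, path in extract_pdb_records(data):
        parts = [p.lower() for p in re.split(r"[\\/]", path)]
        if any(k in part for part in parts for k in keywords):
            hits.append(path)
    return hits

def build_sample(path: str) -> bytes:
    """Constructed input: padding + one RSDS record + padding (not a real PE)."""
    guid = uuid.UUID("00112233-4455-6677-8899-aabbccddeeff").bytes_le
    record = b"RSDS" + guid + struct.pack("<I", 1) + path.encode("ascii") + b"\x00"
    return b"\x00" * 32 + record + b"\xcc" * 16

# Path quoted in the article, and a constructed benign build path for contrast.
SAMPLE_HIT = build_sample(r"C:\Shamoon\ArabianGulf\wiper\release\wiper.pdb")
SAMPLE_CLEAN = build_sample(r"D:\build\agent\src\Release\updater.pdb")

if __name__ == "__main__":
    for name, blob in (("hit", SAMPLE_HIT), ("clean", SAMPLE_CLEAN)):
        print(name, extract_pdb_records(blob), flag_pdb_paths(blob))
```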

The code uses different file and service names than the original Wiper.  It also uses a different attack pattern, though the net goal is the same -- to destroy hard drive data on infected energy sector computers.

Kaspersky Lab's analysis team writes, "It is more likely that this is a copycat, the work of script kiddies inspired by the story."

But if script kiddies wrote the malware, they must be some pretty good ones.  The malware has advanced networked propagation code, and overwrites the hard drive with a JPEG image found on the internet, preventing data recovery.  While not exactly rocket science, those little touches are the kinds of sophistication oft overlooked by novice hackers.

[Image: Saudi Arabia. Caption: Shamoon may have struck Saudi Arabia's oil industry, though infections are limited. Image Source: CNBC]

The state-owned Saudi Arabian Oil Comp., the world's largest oil producer and privately held company, announced this week that it was struck by a malware attack.  It was unclear, however, whether Shamoon or a similar variant was responsible for the attack on one of America's largest foreign oil suppliers.

What is clear, based on expert reports, is that the extent of infections is small, with Symantec reporting fewer than 50 systems infected.

Sources: Symantec, McAfee











Copyright 2016 DailyTech LLC.