
Attack vector differs slightly from that of "Wiper", the malware used to attack the Iranian oil industry

U.S. and Israeli intelligence teams are suspected of waging a concerted campaign, using a malware package named "Flame" and tools with names like "Wiper", designed to cripple Iran's oil industry, a key supplier of Chinese demand and the lifeblood of the Middle Eastern giant's economy.

But now the U.S. energy sector finds itself under attack by a somewhat similar piece of malware dubbed Shamoon or Disttrack by researchers at Symantec Corp. (SYMC) and Intel Corp. (INTC) subsidiary McAfee.

The malware is named for a directory in the file path embedded in its code -- C:\Shamoon\ArabianGulf\wiper\release\wiper.pdb -- which, of course, is likely to change as new variants pop up. Shamoon means "Simon" in Arabic. There's also the Shamoon College of Engineering in Israel -- another possible local name connection.

The malware's compilation directory path contains the string "wiper", making it clear that the authors intended it as at least an homage to the Iran-targeting Wiper. But Kaspersky Lab says that unlike Stuxnet -- where the U.S.'s anti-Iranian code was decompiled and used by malicious hackers -- the new malware is likely only an imitation, not a repackaging.

The code uses different file and service names than the original Wiper. It also uses a different attack pattern, though the net goal is the same -- to destroy hard drive data on infected energy sector computers.

Kaspersky Lab's analysis team writes, "It is more likely that this is a copycat, the work of script kiddies inspired by the story."

But if script kiddies wrote the malware, they must be some pretty good ones.  The malware has advanced networked propagation code, and overwrites the hard drive with a JPEG image found on the internet, preventing data recovery.  While not exactly rocket science, those little touches are the kinds of sophistication oft overlooked by novice hackers.

[Image: Saudi Arabia. Shamoon may have struck Saudi Arabia's oil industry, though infections are limited. Image source: CNBC]

The state-owned Saudi Arabian Oil Comp., the world's largest oil producer and privately held company, announced this week that it was struck by a malware attack.  It was unclear, however, whether Shamoon or a similar variant was responsible for the attack on one of America's largest foreign oil suppliers.

What is clear, based on expert reports, is that the extent of infections is small, with Symantec reporting fewer than 50 systems infected.

Sources: Symantec, McAfee

Copyright 2017 DailyTech LLC.