Exhibitionist Shamoon virus blows PCs' minds

While most malware these days tries to work under the radar to avoid detection, a new species has been reported that wipes the drives of the systems it infects. The Shamoon software carries out a two stage attack, according to an analysis by Israeli security firm Seculert. Once a system on a network is infected, the code scrapes …

COMMENTS

This topic is closed for new posts.

Or...

Or, this could be the work of government agencies that want to raise the cyber-threat level, hence increasing their influence and importance.

Re: Or...

Or it could be the sort of adapted counter-attack one should expect when releasing viral code to cripple another state power.

Or...

Could be the work of a disgruntled (ex?) employee?

Or...

A fiendish plot to make tape backup popular again?

Or...

It could all be a clever plot to make a bunch of conspiracy theorists and nerds alike start several posts in a comments section starting with "Or...".

You cynic.

Or...

Or...

Really?

Anonymous Coward

or

or.

nasty.nasty.nasty.

Or...

Er....

Anonymous Coward

Err...

...or

Re: Err...

... not if it was all in "The Cloud"?

Re: Err...

was that an irony or?

privileges escalation?

it affects Windows 95, Windows 98, Windows XP, Windows 200, Windows Vista, Windows NT, Windows ME, Windows 7, Windows Server 2003 and Windows Server 2008.

Copies itself to the following network shares:

ADMIN$

C$\WINDOWS

D$\WINDOWS

E$\WINDOWS

Is it a new Windows vulnerability, social engineering caused by the lack of software repositories, or the usual business of allowing a user to have admin rights? Or is it all three?

Anonymous Coward

Re: privileges escalation?

"it affects Windows 95, Windows 98, Windows XP, Windows 200, Windows Vista, Windows NT, Windows ME, Windows 7, Windows Server 2003 and Windows Server 2008."

No worries, I'm running Windows for Workgroups 3.11

Windows 200

I grant you copyright. It's cool

Re: privileges escalation?

"Shamoon works its way into a computer that is directly connected to the Internet, and then from there begins to spread to other computers connected to the same network".

So no user interaction, therefore.

Isn't that what MS's Trusted Computing (Trustworthy Computing, NGSCB, TPM, Bitlocker, ???) was supposed to prevent?

http://www.microsoft.com/about/twc/en/us/security.aspx

http://en.wikipedia.org/wiki/Trustworthy_Computing (The advertorial part of this article would be quite hilarious if it were not so sad).

http://content.dell.com/us/en/enterprise/d/large-business/windows-7-security-trusted

I understand that it can delete files in userspace, but in Windows directories and the MBR? How does it get onto the machine in the first place - details are absent (at least, I could not find any with a quick google; should I have tried Bing?).

Or am I just completely out of it?

Re: privileges escalation?

Seems that in order to infect my PC, I would firstly need to install Windows 95, Windows 98, Windows XP, Windows 2000, Windows Vista, Windows NT, Windows ME, Windows 7, Windows Server 2003 or Windows Server 2008...

;-)

Anonymous Coward

Re: privileges escalation?

Windoze only? No real surprize then!

Anonymous Coward

Re: privileges escalation?

To give a little perspective, you need to be aware that when I worked in Saudi, software was sold by how many diskettes (5 1/4") it took to make a copy, and the manuals by how many pages/bindings. Only one legitimate copy of any given program was sold in the magic Kingdom, from there on the manuals got shipped to China for duplication, and the diskettes were copied far and wide and a set was made up for you while you waited at the shop in the souk, usually with additional softxxxxmalware thrown in for free. So no incentives (like actually being paid or anything) for legitimate software companies.

At the local utility headquarters, one department's PCs had over a hundred viruses each (IT stopped counting at a hundred). They just reformatted them down to the bare metal and re-installed the MBR, OS (PC-DOS) and basic apps. Most of the viruses floating around (and transferred by diskette) were all boot sector infections.

The point being that when your population (and workforce) is so casually engaged in software piracy, it is nearly impossible to keep malware out of your machines. That was the situation then, and I really doubt that there has been any significant changes in the situation since (CDs/DVDs for floppies doesn't count).

As a complete aside, one of the regular tests for newcomers (English speaking) among the expats, was how do you spell check/cheque, thinking fast I answered Czech...

@AC 15:42 - Re: privileges escalation?

"software was sold by how many diskettes (5 1/4") it took to make a copy, and the manuals by how many pages/bindings"

How things have gone downhill since those days! You don't get manuals any more.

Anonymous Coward

Re: privileges escalation?

Infects 95/98/me by the admin$, c$, d$ shares. How does that work then?

I approve of this thread..

..and, use Linux duh obv

Or...

Skynet is tired of bloated code that relies on grunt rather than elegance to work and has decided to commit suicide!

Re: Or...

Then the virus would be called KATANA

Prevention

Would a security specialist sysadmin working at the site have been able to prevent this compromise? Just curious.

Anonymous Coward

aramco ?

Could very well be ...

Several users did report they lost all their hard drives. Rumour has it the outbreak was limited to the personal network, not the production network.

Same rumour has it that it's the dammam site that was hit hardest.

Wondering what the impact will be on the security of their production networks.

Usb out, ps/2 back in ?

And a further limitation on how far their windows production network is allowed to even touch their unix/linux networks.

On the plus side...

Unless the virus (actually a worm, I think) overwrites the actual data instead of just deleting files, it's good that it then bricks the system, as it vastly increases the chances of recovering your deleted data if the system stops working. (and thus stops using the drive)

Re: On the plus side...

Try deleting all the files on your system and then recovering. Since you can't recover the directory structure it all goes into the one folder that you then have to sort through... A job for the masochistic.

Re: On the plus side...

HUH???

As Girlie sometimes says "You're doing it all wrong...!"

OK, I guess you're not using a decent backup tool. Or, you're using Windoze. Or both.

Re: On the plus side...

Errr, not since using the undelete command in DOS have I come across a file recovery tool that couldn't rebuild the directory structure.

Re: On the plus side...

Down vote for failure to read article, then speculating about how it works even though article states otherwise.

Re: ...using the undelete command in dos...

Yeah I remember those days. I also remember Peter Norton had a tool that would recover the directory structure plus undelete the files for a while before M$ wrote the undelete command into DOS. When Win95 first came out, I figured M$ had finally figured out a way to permanently kill the Norton software (Windows isn't done 'till Lotus won't run). And I was right.

Anonymous Coward

Re: ...using the undelete command in dos...

@Tom 13 - That's the problem with writing software which replicates functionality that you think should be in the OS, eventually that software gets written into the OS.

Anonymous Coward

At last

a virus that really does wipe your hard drive - quick, forward this email to everyone you know

What's the Question?

And the Jeopardy answer is:

"This Islamic nation state stands to gain the most if ARAMCO is off line and crippling sanctions are removed by the EU and the US."
