Exhibitionist Shamoon virus blows PCs' minds

While most malware these days tries to work under the radar to avoid detection, a new species has been reported that wipes the drives of the systems it infects. The Shamoon software carries out a two stage attack, according to an analysis by Israeli security firm Seculert. Once a system on a network is infected, the code …

COMMENTS

This topic is closed for new posts.
  1. William Boyle

    Or...

    Or, this could be the work of government agencies that want to raise the cyber-threat level, hence increasing their influence and importance.

    1. Tom 13

      Re: Or...

      Or it could be the sort of adapted counter-attack one should expect when releasing viral code to cripple another state power.

  2. Alain Moran

    Or...

    Could be the work of a disgruntled (ex?) employee?

  3. Hardcastle the ancient

    Or...

    A fiendish plot to make tape backup popular again?

  4. Jordan Davenport

    Or...

    It could all be a clever plot to make a bunch of conspiracy theorists and nerds alike start several posts in a comments section starting with "Or...".

    1. Anonymous Coward

      You cynic.

      Or...

  5. Destroy All Monsters Silver badge

    Or...

    Really?

    1. This post has been deleted by its author

  6. Anonymous Coward

    or

    or.

    nasty.nasty.nasty.

  7. Graham Marsden
    Facepalm

    Or...

    Er....

    1. Anonymous Coward

      Err...

      ...or

      1. dharmaseal
        WTF?

        Re: Err...

        ... not if it was all in "The Cloud"?

      2. Tom 7

        Re: Err...

        was that an irony or?

  8. eulampios
    Linux

    privileges escalation?

    it affects Windows 95, Windows 98, Windows XP, Windows 200, Windows Vista, Windows NT, Windows ME, Windows 7, Windows Server 2003 and Windows Server 2008.

    Copies itself to the following network shares:

    ADMIN$

    C$\\WINDOWS

    D$\\WINDOWS

    E$\\WINDOWS

    Is it a new Windows vulnerability, social engineering caused by the lack of software repositories or a usual business of allowing a user to have the admin rights? Or is it all three?

    1. Anonymous Coward

      Re: privileges escalation?

      "it affects Windows 95, Windows 98, Windows XP, Windows 200, Windows Vista, Windows NT, Windows ME, Windows 7, Windows Server 2003 and Windows Server 2008."

      No worries, I'm running Windows for Workgroups 3.11

    2. Pigeon
      Happy

      Windows 200

      I grant you copyright. It's cool

    3. Kobus Botes
      Facepalm

      Re: privileges escalation?

      "Shamoon works its way into a computer that is directly connected to the Internet, and then from there begins to spread to other computers connected to the same network".

      So no user interaction, therefore.

      Isn't that what MS's Trusted Computing (Trustworthy Computing, NGSCB, TPM, Bitlocker, ???) was supposed to prevent?

      http://www.microsoft.com/about/twc/en/us/security.aspx

      http://en.wikipedia.org/wiki/Trustworthy_Computing (The advertorial part of this article would be quite hilarious if it were not so sad).

      http://content.dell.com/us/en/enterprise/d/large-business/windows-7-security-trusted

      I understand that it can delete files in userspace, but in Windows directories and the MBR? How does it get onto the machine in the first place - details are absent (at least, I could not find any with a quick google; should I have tried Bing?).

      Or am I just completely out of it?

      1. Anonymous Coward

        Re: privileges escalation?

        To give a little perspective, you need to be aware that when I worked in Saudi, software was sold by how many diskettes (5 1/4") it took to make a copy, and the manuals by how many pages/bindings. Only one legitimate copy of any given program was sold in the magic Kingdom, from there on the manuals got shipped to China for duplication, and the diskettes were copied far and wide and a set was made up for you while you waited at the shop in the souk, usually with additional softxxxxmalware thrown in for free. So no incentives (like actually being paid or anything) for legitimate software companies.

        At the local utility headquarters, one department's PCs had over a hundred viruses each (IT stopped counting at a hundred). They just reformatted them down to the bare metal and re-installed the MBR, OS (PC-DOS) and basic apps. Most of the viruses floating around (and transferred by diskette) were all boot sector infections.

        The point being that when your population (and workforce) is so casually engaged in software piracy, it is nearly impossible to keep malware out of your machines. That was the situation then, and I really doubt that there have been any significant changes in the situation since (CDs/DVDs for floppies doesn't count).

        As a complete aside, one of the regular tests for newcomers (English speaking) among the expats, was how do you spell check/cheque, thinking fast I answered Czech...

        1. Nuke
          Holmes

          @AC 15:42 - Re: privileges escalation?

          "software was sold by how many diskettes (5 1/4") it took to make a copy, and the manuals by how many pages/bindings"

          How things have gone downhill since those days! You don't get manuals any more.

    4. mr.goose
      Happy

      Re: privileges escalation?

      Seems that in order to infect my PC, I would firstly need to install Windows 95, Windows 98, Windows XP, Windows 2000, Windows Vista, Windows NT, Windows ME, Windows 7, Windows Server 2003 or Windows Server 2008...

      ;-)

    5. Anonymous Coward

      Re: privileges escalation?

      Windoze only? No real surprise then!

    6. Anonymous Coward

      Re: privileges escalation?

      Infects 95/98/me by the admin$, c$, d$ shares. How does that work then?

  9. nuked
    Trollface

    I approve of this thread..

    ..and, use Linux duh obv

  10. Mahou Saru

    Or...

    Skynet is tired of bloated code that relies on grunt rather than elegance to work and has decided to commit suicide!

    1. Destroy All Monsters Silver badge
      Devil

      Re: Or...

      Then the virus would be called KATANA

  11. SF
    Go

    Prevention

    Would a security specialist sysadmin working at the site have been able to prevent this compromise? Just curious.

  12. Anonymous Coward

    aramco ?

    Could very well be ...

    Several users did report they lost all their harddrives. Rumour has it the outbreak was limited to the personal network, not the production network.

    Same rumour has it that it's the Dammam site that was hit hardest.

    Wondering what the impact will be on the security on their production networks.

    Usb out, ps/2 back in ?

    And a further limitation on how far their windows production network is allowed to even touch their unix/linux networks.

  13. Unicornpiss

    On the plus side...

    Unless the virus (actually a worm, I think) overwrites the actual data instead of just deleting files, it's good that it then bricks the system, as it vastly increases the chances of recovering your deleted data if the system stops working. (and thus stops using the drive)

    1. Paul 129
      Unhappy

      Re: On the plus side...

      Try deleting all the files on your system and then recovering. Since you can't recover the directory structure it all goes into the one folder that you then have to sort through... A job for the masochistic.

      1. Andus McCoatover
        Windows

        Re: On the plus side...

        HUH???

        As Girlie sometimes says "You're doing it all wrong...!"

        OK, I guess you're not using a decent backup tool. Or, you're using Windoze. Or both.

      2. Jess--

        Re: On the plus side...

        Errr not since using the undelete command in DOS have I come across a file recovery tool that couldn't rebuild the directory structure

        1. Tom 13

          Re: ...using the undelete command in dos...

          Yeah I remember those days. I also remember Peter Norton had a tool that would recover the directory structure plus undelete the files for a while before M$ wrote the undelete command into DOS. When Win95 first came out, I figured M$ had finally figured out a way to permanently kill the Norton software (Windows isn't done 'till Lotus won't run). And I was right.

          1. Anonymous Coward

            Re: ...using the undelete command in dos...

            @Tom 13 - That's the problem with writing software which replicates functionality that you think should be in the OS, eventually that software gets written into the OS.

    2. Tom 13
      FAIL

      Re: On the plus side...

      Down vote for failure to read article, then speculating about how it works even though article states otherwise.

  14. Anonymous Coward

    At last

    a virus that really does wipe your hard drive - quick, forward this email to everyone you know

  15. Desert_Stormer
    Mushroom

    What's the Question?

    And the Jeopardy answer is:

    "This Islamic nation state stands to gain the most if ARAMCO is off line and crippling sanctions are removed by the EU and the US."
