
3 Things You Should Have Known About Shamoon

Posted on Sat, Oct 6, 2012

Shamoon is a piece of malware that mainly attacks computers running the Microsoft Windows OS. Also known as "Disttrack," this vicious invader threatens IT security by stealing data from computers and then wiping them clean. The computer owner not only has personal data stolen from the PC but also has to contend with the fact that the computer is now useless. Below are the 3 main facts everyone should know about Shamoon:

1. It only affects the Microsoft Windows operating system

As mentioned earlier, only computers that run Windows have been reported to be affected by this destructive malware. This means that other operating systems such as Linux and Mac OS are safe, for now. Windows operating systems that have been affected include: Windows Server 2008, Windows Server 2003, Windows 7, Windows ME, Windows NT, Windows Vista, Windows XP, Windows 2000, Windows 98 and 95. Some managed security vendors offer some relief for computer owners. One antivirus company has said that its antivirus offering protects specifically against Shamoon.

2. It attacks in two stages

Shamoon is particularly dangerous for large organizations or businesses with a network of computers. After it gains access to the network by infecting one PC, it travels through the network to infect other computers as well. It has the capability to completely disarm the network's security. The malware operates by gaining access to files. The files are then deleted while the information is being sent to the attack base. Once this information is stolen, Shamoon covers its tracks by overwriting the files. It does not leave a Master Boot Record behind, meaning that the owner cannot boot the computer. This destructive trend is the distinguishing feature of Shamoon, its calling card.
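For responders checking whether a machine that will not boot has lost its Master Boot Record as described above, the following is an added example, not part of the original post. It assumes the classic 512-byte MBR layout (partition table at offset 446, boot signature 0x55AA at offset 510) and that sector 0 has already been read from a forensic disk image; the function names and the sample sector are constructed for illustration.

```python
import struct
from collections import Counter

SECTOR_SIZE = 512
TABLE_OFFSET = 446          # four 16-byte partition entries start here
SIGNATURE_OFFSET = 510      # boot signature bytes 0x55 0xAA

def parse_partitions(sector):
    """Return the non-empty partition entries of an MBR sector as dicts."""
    parts = []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, num_sectors = struct.unpack_from("<II", entry, 8)
        if ptype != 0:      # type 0x00 marks an unused slot
            parts.append({"index": i, "status": status, "type": ptype,
                          "lba_start": lba_start, "sectors": num_sectors})
    return parts

def triage_mbr(sector):
    """Classify sector 0 of a disk image and list the reasons."""
    if len(sector) != SECTOR_SIZE:
        return "invalid", ["sector 0 must be exactly 512 bytes"]
    findings = []
    if sector[SIGNATURE_OFFSET:] != b"\x55\xaa":
        findings.append("boot signature 0x55AA missing")
    top_byte, count = Counter(sector).most_common(1)[0]
    if count == SECTOR_SIZE:
        findings.append("sector filled with single byte 0x%02x" % top_byte)
    parts = parse_partitions(sector)
    if not parts:
        findings.append("no partition entries defined")
    for p in parts:
        if p["status"] not in (0x00, 0x80):   # only inactive/active are valid
            findings.append("entry %d has invalid status byte" % p["index"])
        if p["lba_start"] == 0 or p["sectors"] == 0:
            findings.append("entry %d has zero start or length" % p["index"])
    return ("suspect" if findings else "ok"), findings

def build_sample_mbr():
    """Constructed sample: one active NTFS (0x07) partition at LBA 2048."""
    sector = bytearray(SECTOR_SIZE)
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 204800)
    sector[TABLE_OFFSET:TABLE_OFFSET + 16] = entry
    sector[SIGNATURE_OFFSET:] = b"\x55\xaa"
    return bytes(sector)
```

A "suspect" result only says that sector 0 no longer looks like a usable MBR; it does not identify what overwrote it.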

3. Shamoon targets the energy sector

Shamoon is after the big players, that is, companies in the oil and energy sectors. So far, at least two companies have suffered from a Shamoon invasion. Saudi Aramco, the national oil provider in Saudi Arabia, has had a few computers rendered useless after an attack. Though the company insists that production kept running as usual during and after the attack, the attack has led to the isolation of the organization’s computer network. The company does admit that abrupt disruption was experienced on some of its computers. As a precautionary measure, the computer networks have been isolated. RasGas, which is based in Qatar, has also been hit by what is believed to be Shamoon. The attack compromised network security by shutting down email servers and the company website as well.

Shamoon is without a doubt highly destructive and a threat to IT security in any sector, especially for major oil and energy companies, since those are what it seems to target. There is still uncertainty as to who is really behind the attacks. Investigations led by Kaspersky indicate that the cyber threat may be a copycat of Stuxnet, a worm that was responsible for attacking Iran’s nuclear program computers earlier in the year. The Iranian attack also involved wiping out hard drives. However, a group called "Cutting Sword of Justice" has claimed responsibility for the Saudi Aramco attack. Will your company be next?

Tags: shamoon, Network Security, IT Security, Anti-Virus
