Shamoon Malware Deletes Windows Computer Contents

By | Aug 17, 2012

Purely malicious malware is back. Symantec has spotted what it has dubbed the Shamoon malware (also known by McAfee as Disttrack), which is attempting to ruin the day, in what appears to be epic fashion, for those who favor the Windows operating system. According to InfoWorld, the malware deletes the entire contents of the user's computer and prevents the computer from rebooting. In situations such as this, IT may be able to recover some of the data, but the most likely outcome when a hard drive is erased is that the user's beloved computer is rendered useless.

While most malware nowadays is a means to an end (money, information), Shamoon seeks only to make the user's day impossibly awful. According to Ars Technica, the malware has self-propagation capabilities that allow it to spread between computers using shared network disks, while also employing a legitimate system driver to get low-level access to the computer's hard drive. It then wipes the master boot record.
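Because the damage described above starts with the master boot record, a defender's first triage question is whether the first sector of a disk still looks like a valid MBR. The following Python is an added example, not code from the original post or from any of the vendors it cites: it parses a 512-byte MBR image, checks the 0x55AA boot signature and the four partition-table entries, and flags an image that has been zeroed or overwritten. The sample images are constructed inline; the device path `\\.\PhysicalDrive0` mentioned in `read_first_sector` is the standard Windows raw-disk path and requires administrator rights, and the baseline-hash comparison assumes you recorded the hash while the machine was known-good.

```python
import hashlib
import struct

MBR_SIZE = 512
PART_TABLE_OFFSET = 446          # four 16-byte partition entries live here
BOOT_SIGNATURE = b"\x55\xaa"     # last two bytes of a valid MBR
# Entry layout: status, CHS start (3), type, CHS end (3), LBA start, sector count
PART_ENTRY = "<B3sB3sII"


def build_sample_mbr() -> bytes:
    """Constructed, plausible MBR: placeholder boot code, one bootable NTFS
    partition (type 0x07) starting at LBA 2048, three empty entries, signature."""
    boot_code = bytes([0xEB, 0x63, 0x90]) + b"\x90" * (PART_TABLE_OFFSET - 3)
    entry = struct.pack(PART_ENTRY, 0x80, b"\x20\x21\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 204800)
    return boot_code + entry + b"\x00" * 48 + BOOT_SIGNATURE


def parse_mbr(data: bytes) -> dict:
    """Inspect a 512-byte sector and report whether it still looks like an MBR."""
    if len(data) != MBR_SIZE:
        raise ValueError("expected exactly %d bytes" % MBR_SIZE)
    signature_ok = data[510:512] == BOOT_SIGNATURE
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(PART_ENTRY, data[off:off + 16])
        if ptype == 0:               # type 0x00 marks an unused entry
            continue
        partitions.append({"index": i, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba, "sectors": count})
    boot_code_zeroed = not any(data[:PART_TABLE_OFFSET])
    # A wiper leaves either no signature, no usable partition table, or both.
    looks_wiped = (not signature_ok) or (not partitions)
    return {"signature_ok": signature_ok, "partitions": partitions,
            "boot_code_zeroed": boot_code_zeroed, "looks_wiped": looks_wiped,
            "sha256": hashlib.sha256(data).hexdigest()}


def mbr_changed(baseline_sha256: str, data: bytes) -> bool:
    """Compare the current sector against a hash taken when the host was known-good."""
    return hashlib.sha256(data).hexdigest() != baseline_sha256


def read_first_sector(path: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read the first 512 bytes of a raw disk (needs elevated rights on Windows)."""
    with open(path, "rb") as disk:
        return disk.read(MBR_SIZE)


if __name__ == "__main__":
    intact = build_sample_mbr()
    print("intact sample:", parse_mbr(intact)["looks_wiped"])
    print("zeroed sample:", parse_mbr(b"\x00" * MBR_SIZE)["looks_wiped"])
```

Run against a live disk, the useful signal is `mbr_changed` against a stored baseline plus `looks_wiped`; the parser alone cannot tell a deliberately rewritten MBR from a legitimate repartition, so keep the baseline hash somewhere the host cannot alter it.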

Though Symantec isn't 100 percent sure how the malware initially hits, they do know that it's an executable file. The assumption is that it attacks via an email attachment that infects the user's computer when opened. Symantec's comments via InfoWorld also state that the malware may be targeting specific computers, notably those in the energy sector, though this is not confirmed.

Ars Technica also reports that though Shamoon is faintly reminiscent of the malware known as "Wiper" that wreaked havoc on Iran's Oil Ministry back in April, researchers from Kaspersky Lab did not find the file and service names from the original Wiper in Shamoon. The Russia-based lab posited that the new malware could potentially be the work of copycats.

As any IT professional knows, a copycat hit, even if it's targeted at a specific group, doesn't necessarily mean everyone else is safe from this type of malware. While this purely malicious bug could easily be an isolated incident, it could also signify the start of a trend. Now is as good a time as any for IT at a midsize business to reiterate to employees the importance of not opening emails from unknown sources or clicking on links and attachments if they can't identify the sender. While it seems like the simplest rule to stand by, it also ends up being one of the easiest to forget. Why else would hackers keep using attachments to wreak havoc?

Shamoon also reinforces how important it is to back up everything, whether to external hard drives or the cloud. Even if this kind of malware rendered a midsize enterprise's computers useless, the data wouldn't be permanently lost. And though it may cause a major disruption, business could eventually return to usual. Without a backup, even the best IT pros in the world may not be able to help.
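A backup only helps after a wipe if the restore can be checked, so the advice above is worth pairing with a verification step. The following Python is an added example, not code from the original post: it builds a SHA-256 manifest of a source tree at backup time and later compares a restored tree against that manifest, listing files that are missing or whose contents no longer match. The `demo` function constructs a small sample tree in a temporary directory and deliberately restores it incompletely; the file names and contents are invented for the illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups don't need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file's path (relative, forward slashes) to its SHA-256 digest.
    Store this manifest with the backup, ideally off the host being backed up."""
    return {str(p.relative_to(root)).replace(os.sep, "/"): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_restore(manifest: dict, restored_root: Path) -> dict:
    """Check a restored tree against the manifest taken at backup time."""
    ok, missing, corrupted = [], [], []
    for rel, expected in manifest.items():
        candidate = restored_root / rel
        if not candidate.is_file():
            missing.append(rel)
        elif sha256_file(candidate) != expected:
            corrupted.append(rel)
        else:
            ok.append(rel)
    return {"ok": ok, "missing": missing, "corrupted": corrupted,
            "complete": not missing and not corrupted}


def demo() -> dict:
    """Constructed scenario: three files backed up, then a restore that drops one
    file and brings back another with altered contents."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp) / "source", Path(tmp) / "restored"
        (src / "docs").mkdir(parents=True)
        (src / "docs" / "plan.txt").write_text("quarterly plan\n")
        (src / "notes.txt").write_text("call the vendor\n")
        (src / "ledger.csv").write_text("date,amount\n2012-08-17,100\n")
        manifest = build_manifest(src)

        (dst / "docs").mkdir(parents=True)
        (dst / "docs" / "plan.txt").write_text("quarterly plan\n")          # intact
        (dst / "ledger.csv").write_text("date,amount\n2012-08-17,999\n")   # damaged
        # notes.txt is never restored, so it must show up as missing
        return verify_restore(manifest, dst)


if __name__ == "__main__":
    print(demo())
```

The manifest is the piece that must survive the incident: if it lives only on the machine that gets wiped, you can restore the files but cannot prove the restore is complete.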

This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet.

