http://arstechnica.com/security/2012/08/shamoon-malware-attack/

By Dan Goodin
Ars Technica
Aug 16, 2012

Malware researchers have uncovered an attack targeting an organization in the energy industry that attempts to wreak havoc by permanently wiping data from an infected computer's hard drive and rendering the machine unusable.

The computer worm, alternately dubbed Shamoon or Disttrack by researchers at rival antivirus providers Symantec and McAfee, contains the string "wiper" in the Windows file directory its developers used while compiling it. Combined with word that it targeted the energy industry, that revelation immediately evoked memories of malware also known as Wiper that reportedly attacked Iran's oil ministry in April and ultimately led to the discovery of the state-sponsored Flame malware.

In a blog post published Thursday, researchers from Russia-based Kaspersky Lab said the file and service names in the original Wiper aren't present in Shamoon. They also noted that Wiper uses a different pattern when destroying disk data. As a result, they said the two pieces of malware are likely not connected.

"It is more likely that this is a copycat, the work of script kiddies inspired by the story," members of Kaspersky's Global Research & Analysis Team wrote. Kaspersky researchers were instrumental in uncovering Flame, which like Stuxnet, Duqu, and Gauss, is highly sophisticated malware believed to have been sponsored by one or more nations to spy on or attack Iran or other countries.

[...]

Received on Fri Aug 17 2012 - 05:07:58 PDT