Mystery Malware Wreaks Havoc on Energy Sector Computers
Like malware that attacked Iran, Shamoon permanently destroys hard disk data.
Malware researchers have uncovered an attack targeting an organization in the energy industry that attempts to wreak havoc by permanently wiping data from an infected computer’s hard drive and rendering the machine unusable.
The computer worm, alternately dubbed Shamoon or Disttrack by researchers at rival antivirus providers Symantec and McAfee, contains the string “wiper” in the Windows file directory its developers used while compiling it. Combined with word that it targeted the energy industry, that revelation immediately evoked memories of malware also known as Wiper that reportedly attacked Iran’s oil ministry in April and ultimately led to the discovery of the state-sponsored Flame malware.
In a blog post published Thursday, researchers from Russia-based Kaspersky Lab said the file and service names in the original Wiper aren’t present in Shamoon. They also noted that Wiper uses a different pattern when destroying disk data. As a result, they said the two pieces of malware are likely not connected.