Cyber Attack: Shamoon Malware Infects, Steals, Wipes MBR

Status
Not open for further replies.

freggo

I'd like to spend 10 minutes alone with the idiot who created this, in a sound proof room; I will bring my favorite baseball bat.
 

jhansonxi

Shamoon, also known as Disttrack, is unusual as it infects a PC, steals certain data, sends the data to another infected PC and then overwrites the PC's master boot record, which makes the system virtually useless.
Scary, but it's not PC-specific. It's just more Windows malware. Obviously not the usual suspects since most malware is used to gain control of a system for spying or botnets.
 

thorkle

freggo wrote: "I'd like to spend 10 minutes alone with the idiot who created this, in a sound proof room; I will bring my favorite baseball bat."
Why do you have so many baseball bats that you would have a favorite bat? :p
 

face-plants

According to the BBC's reporting on the Shamoon bug 2 days ago, it was a Saudi Arabian company, Aramco (their national oil provider and one of the largest in the world) not a Chinese one who first announced they were infected.
 

kristoffe

Good article, and if you're worried about it, just make a record of your MBR to a USB drive or dropbox it to yourself.

http://www.ghacks.net/2010/09/01/how-to-backup-and-restore-the-mbr-in-windows/

you can also start your pc up with HIREN'S BOOT CD and restore your MBR from the backup you have made as well :)

http://www.hiren.info/pages/bootcd
 

olaf

yawwwnnn lame nothing more than a hindrance rly ... your data is still on the drive, makes for good business i guess if you fix computers :D
 

hetneo

cRACKmONKEY421 wrote: "makes the system virtually useless" I guess fixmbr doesn't work?
LOL @ Wolfgang Gruener. Don't worry monkey, fixmbr always works.
 


It wouldn't be difficult to make a similar malware for OSX and Linux, especially OSX. It might even be able to simply be ported over. Furthermore, as others have said, it's not hard to avoid letting something like this cause an MBR problem.
 
Guest
So they changed a hard-coded file path, and a hard-code service name, ya know, the kind of things that antivirus could look for? Yup, couldn't possibly be the same people, I've authored or co-authored about 10 pieces of software, and I never change file paths or service names...

I never cared about Kaspersky because I run the hardened, server-grade, no-need-for-antivirus OS known as Linux on my home PCs, but if Kaspersky thinks that it couldn't possibly be the same virus because 2 arbitrary file names were changed, then I'll come right out and say that Kaspersky are idiots.

*Queue Up Idiots Who Say Linux Doesn't Need Antivirus Because 90% Marketshare of Web Servers Isn't Enough for Hackers to Care About it Yet*
 

kristoffe

It's best to back up the MBR instead of trying to use the generic fixmbr, if you know how these infections hit, and have ever done data recovery, you can't just rebuild something removed and purposefully scrambled if the right things have been introduced to the attack process.

as for the jackass trolls who talk about "PC" systems, they're just pissed that Apple computers and phones of all types are being infected at a crazy fast rate, you know the ones that "can't" get infected? lol.
 

JOSHSKORN

danwat1234 wrote: "I think he's talking about his penis."
I don't, but I think he does want to "rape" this guy, essentially...of course, in a different context.
 
Guest
"two reports of Shamoon in the wild, both cases in China, which led them to believe that the malware was used in "very focused targeted attacks." "

Seriously Chinese Government! please stop making malware! You can't even do it right! It's made out of cheap code that breaks! :)




 

alidan

freggo wrote: "I'd like to spend 10 minutes alone with the idiot who created this, in a sound proof room; I will bring my favorite baseball bat."

you could execute him on national tv at the superbowl and i guarantee you no court would convict you.
 

applegetsmelaid

Only two reported cases, and in China? Let's be conservative and say that there are half a billion computers in China. That would be a 1 out of 250,000,000 shot to come in contact with this malware. Your odds are actually better in winning the powerball, which is 1 / 175,223,510, and that's if you live in China.
 