Cyber Attack: Shamoon Malware Infects, Steals, Wipes MBR
There is a new malware making the rounds that has security researchers scratching their heads.
Shamoon, also known as Disttrack, is unusual as it infects a PC, steals certain data, sends the data to another infected PC and then overwrites the PC's master boot record, which makes the system virtually useless.
There has been some speculation why the attacker may have an interest in actually destroying the infected PC. Kaspersky Labs hinted that the 900 KB malware could be related to Wiper, that was used in a cyber attack on Iran in April. After an analysis, the company concluded that this malware is more likely to come from "scriptkiddies" who were inspired by Wiper.
"Our opinion, based on researching several systems attacked by the original Wiper, is that it is not," Kaspersky wrote in a blog post. "The original “Wiper” was using certain service names (“RAHD...”) together with specific filenames for its drivers (“%temp%\~dxxx.tmp”) which do not appear to be present in this malware. Additionally, the original Wiper was using a certain pattern to wipe disks which again is not used by this malware."
However, Kaspersky also said that there have been only two reports of Shamoon in the wild, both cases in China, which led them to believe that the malware was used in "very focused targeted attacks."
Symantec followed up with a detailed description of a 3-phase attacked structure consisting of a dropper, wiper and reporter component that were used "against at least one organization in the energy sector."
I guess fixmbr doesn't work?
Why do you have do many baseball bats that you would have a favorite bat? :-P
Why do you have do many baseball bats that you would have a favorite bat? :-P
http://www.ghacks.net/2010/09/01/how-to-backup-and-restore-the-mbr-in-windows/
you can also start your pc up with HIREN'S BOOT CD and restore your MBR from the backup you have made as well
http://www.hiren.info/pages/bootcd
I guess fixmbr doesn't work?
LOL @ Wolfgang Gruener. Don't worry monkey, fixmbr always works.
They aren't referring to Anon.
It wouldn't be difficult to make a similar malware for OSX and Linux, especially OSX. It might even be able to simply be ported over. Furthermore, as others have said, it's not hard to avoid letting something like this cause an MBR problem.
I never cared about Kaspersky because I run the hardened, server-grade, no-need-for-antivirus OS known as Linux on my home PCs, but if Kaspersky thinks that it couldn't possibly be the same virus because 2 arbitrary file names were changed, then I'll come right out and say that Kasperky are idiots.
*Queue Up Idiots Who Say Linux Doesn't Need Antivirus Because 90% Marketshare of Web Servers Isn't Enough for Hackers to Care About it Yet*
I think he's talking about his penis.
You mean like over 90% of the people who have computers?
as for the jackass trolls who talk about "PC" systems, they're just pissed that apple computers and phones of all types are being infected at a crazy fast rate, you know the one's that "can't" get infected? lol.
Why? Do you rent yours?
what other kids group would they be talking about LOL