By The Daily Sheeple

Latest Computer Virus Attacks the Energy Sector

Friday, August 17, 2012 10:12

(Before It's News)

Saudi Arabia’s national oil company was taken offline yesterday, potentially by the newest member of the malware family, Shamoon, aka Disttrack.

Saudi Aramco released a statement on their website regarding the incident:

The company has isolated all its electronic systems from outside access as an early precautionary measure that was taken following a sudden disruption that affected some of the sectors of its electronic network. The disruption was suspected to be the result of a virus that had infected personal workstations without affecting the primary components of the network.

The cybersecurity firm Symantec described Shamoon as “a destructive malware that corrupts files on a compromised computer and overwrites the MBR (Master Boot Record) in an effort to render a computer unusable.”

The virus is reminiscent of Wiper and Flame in that the sole purpose is to overwrite the information on the infected computer and wipe it out, as opposed to many viruses that lurk unnoticed and gather information.

“It is a destructive malware that corrupts files on a compromised computer and overwrites the MBR (Master Boot Record) in an effort to render a computer unusable,” wrote security firm Symantec.

The attack was designed to penetrate a computer through the internet, before targeting other machines on the same network that were not directly connected to the internet.

Once infected, the machines’ data is wiped. A list of the wiped files is then sent back to the initially infected computer, and in turn passed on to the attacker’s command-and-control centre.

During this process, the attack replaces the deleted files with JPEG images – obstructing any potential file recovery by the victim.

BBC News
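The report above says wiped files are replaced with JPEG images. The following triage sketch is an added example, not code from the article or from any of the vendors quoted: it flags files whose extension is not an image type but whose content starts with the JPEG magic bytes, and groups them by header hash. The clustering threshold, the 4096-byte header window and the assumption that many files receive identical image content are illustrative choices, and the sample tree is constructed.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

JPEG_MAGIC = b"\xff\xd8\xff"          # start-of-image marker plus first segment byte
IMAGE_EXTS = {".jpg", ".jpeg", ".jpe", ".jfif"}
HEAD_BYTES = 4096                      # assumption: enough of the header to fingerprint

def scan_for_jpeg_overwrites(root):
    """Return {header_sha256: [paths]} for non-image files that start with JPEG magic."""
    clusters = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in IMAGE_EXTS:
                continue               # a real JPEG is expected to carry this header
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(HEAD_BYTES)
            except OSError:
                continue               # locked or unreadable: skip, do not abort the sweep
            if head.startswith(JPEG_MAGIC):
                clusters[hashlib.sha256(head).hexdigest()].append(path)
    return dict(clusters)

def suspicious_clusters(clusters, min_files=3):
    """Keep only clusters where several unrelated files share one identical JPEG header."""
    return {h: sorted(p) for h, p in clusters.items() if len(p) >= min_files}

def build_sample_tree(root):
    """Constructed sample data: three 'documents' overwritten with the same JPEG bytes."""
    fake_jpeg = JPEG_MAGIC + b"\xe0\x00\x10JFIF\x00" + b"\x00" * 64
    samples = {
        "report.docx": fake_jpeg, "budget.xlsx": fake_jpeg, "notes.txt": fake_jpeg,
        "photo.jpg": fake_jpeg,                      # legitimate image, must be ignored
        "readme.txt": b"plain text, untouched\n",    # intact file, must be ignored
        "scan.pdf": JPEG_MAGIC + b"\xe1different",   # lone mismatch, below threshold
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for digest, paths in suspicious_clusters(scan_for_jpeg_overwrites(tmp)).items():
            print(digest[:16], [os.path.basename(p) for p in paths])
```

A single mismatched file is usually a mislabelled attachment; a cluster of documents sharing one JPEG header is the pattern worth escalating.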

Seculert, another cybersecurity firm, provided further analysis.

 Shamoon uses a two-stage attack. First it infects a computer connected to the internet and turns this into a proxy to communicate back with the malware’s command-and-control server. After that, it branches out to other computers on the corporate network, steals information, then executes its payload and wipes the machines. Finally, it communicates this to the external command-and-control server.

The International Business Times has reported that a group of hackers identifying themselves as the Arab Group Youth have claimed responsibility for the attack, saying the purpose was to warn the Saudi government, and in particular the House of Saud, the ruling royal family of Saudi Arabia, against “continuing to betray the nation”. Thus far, the group has been unable to verify their responsibility for the cyberattack.

Thus far the damage is minimal – only 50 computers have been affected, but Ars Technica has recommended vigilance. “That’s a tiny number, but given its focus on energy companies and its resemblance to software that reportedly targeted Iran’s oil ministry, it’s worth keeping an eye on.”

Delivered by The Daily Sheeple


