August 17, 2012

Data-destroying malware found targeting energy companies

Shamoon doesn't steal data but wipes important files and kills PCs

By Steve Evans

Security researchers have uncovered malware targeting companies in the energy sector – but instead of stealing sensitive information, it looks to disable infected PCs.

The malware was spotted by Symantec, who have dubbed it Disttrack or Shamoon. It has targeted at least one company in the energy sector and works by corrupting important files on an infected machine and then overwriting the MBR (Master Boot Record), which can render a PC unusable.

According to McAfee, the data is lost permanently and the machine is not recoverable.

No further information has been given on who the target was or how destructive the malware has been.

Earlier this week Bloomberg reported that Saudi oil company Aramco was recovering after its computers were infected with a virus. It is not clear, however, whether the two are related. What is clear, though, is that companies in the Middle East are increasingly the target of cyber attacks from the likes of Israel and the US. Flame, Stuxnet, Duqu and more have all been spotted causing havoc across the Middle East.

Shamoon contains three modules, according to Symantec. The first, called Dropper, is the source of the infection and installs the other modules on infected PCs. The second, Wiper, destroys the data and the PC. The third, Reporter, sends details of its activity back to base.

The second of these modules, Wiper, brings to mind the malware of the same name that targeted Iranian facilities earlier this year. It was found to be deleting sensitive information regarding Iran's nuclear capabilities. It was while researching the original Wiper that Kaspersky Lab found Flame, described as the most sophisticated malware ever created.


However, Kaspersky researchers have claimed that this new Wiper is unrelated to the original. "It is more likely that this is a copycat, the work of a script kiddies inspired by the story," the company said.

Symantec added that, "threats with such destructive payloads are unusual and are not typical of targeted attacks."
