'Shamoon' Malware May Be Flame 'Copycat'

Security researchers have identified a virus that can steal data from a targeted machine and then overwrite the computer's master boot record to make it inoperable.

Called Shamoon, the targeted malware is suspected to be involved in an online attack of Saudi Aramco, a Saudi Arabian oil company, last Wednesday.

The virus has been named Shamoon by researchers after an associated file: C:\Shamoon\ArabianGulf\wiper\release\wiper.pdb.

According to researchers at security firm Symantec, an individual infected with the virus may notice some irregularities before the system is forced to reboot.

"They will start to see strange things happen, since a lot of the files on their computer have been rewritten," said Kevin Haley, director of Symantec Security Response. "You may see error messages, and parts of the files on the computer will be rewritten to the point that the machine will fail to work at all."

According to a company blog post, the malware has three distinct components: a "dropper" agent, which is the main agent that initially infects the system; a "wiper" component, which deletes data necessary for a system to function properly; and a "reporter" module, which sends targeted information from an infected system back to the attacker.

While the dropper and reporter components are typically associated with targeted malware, the wiper component is somewhat unique to this type of attack. However, it is not unheard of, as a wiper component was also a part of the Flame virus that hit targeted companies in the Middle East this past May.

However, security firm Kaspersky Lab said it doesn't believe that Shamoon is being launched as a weapon by another nation, as rumored to be the case with Flame.  
"It is more likely that [Shamoon] is a copycat, the work of script kiddies inspired by the [Flame] story," said Kaspersky in a blog post.

While the malware may only be the work of a copycat, Symantec said it believes that other energy-related companies in the Middle East may be targeted next. However, information from firms investigating the malware, including Symantec and Kaspersky Lab, has not given any clue as to what kind of information is being relayed back to the attacker.

Because the virus is highly targeted, the vast majority of users are not at risk from Shamoon. However, security firms are reminding enterprises to keep all security software up to date and to apply any OS security updates in a timely manner.

About the Author

Chris Paoli is the site producer for and


Reader Comments:

Thu, Aug 23, 2012

And one more thing, we are currently getting only around 48% of all petrol from outside the US. The rest comes from our own resources. You need to better educate yourself instead of just ranting about things you have little to no innate knowledge about.

Thu, Aug 23, 2012

The Wall Street speculators are responsible for at least 28% of each dollar per gallon you buy. Get your facts straight. The gov can not control what sellers charge, the shippers charge, the refiners charge, the storage facilities charge nor can it direct the distribution of the finished products. They buy from sellers just like distributors do but do not pay all associated taxes that we pay our state, county and fed excise. You want cheaper gasoline? Get all speculation out of the brokering of supplies - Republicans will not hear of that plan since it gets them donations to keep it from happening.

Thu, Aug 23, 2012 Paul from Long Island

The people controlling the oil, gas and diesel prices in this country is the U.S. government through its huge subsidies of the oil and gas industries, and its provision of military protection for the mostly Middle East shipping lanes. The military budget consumes about half of all government revenues. If the true cost of petroleum products were reflected in the price at the pump, those prices would be more like they are in the rest of the world, instead of the ridiculously low prices they are now, which prevents most forms of renewable energy from competing, at least in the U.S. This will come back to haunt us when the rest of the world becomes independent of oil and we are still borrowing billions from China to pay Saudi Arabia for oil.

Wed, Aug 22, 2012 Aggravated citizen and tax payer U.S.A.

I hope they send it to the people controlling oil, gas and diesel prices in this country. They need a rude awakening.
