Attack of the Clones

Remember that "Pandora's box" that security bloggers and experts were warning about once it was reported that Stuxnet might have come from a government body?

Well, it looks like the occupants of said box are slowly starting to trickle out. News came out this week that a Saudi oil company was hit by an info-stealing, rootkit-deleting virus -- one very similar to Stuxnet and one that looks like Flame's younger brother (if you squint your eyes).

The virus, called Shamoon, is targeted malware that retrieves and transmits wanted data back to the attackers while, at the same time, rewriting Windows machines' rootkits, making them inoperable -- a tactic that the average scum hacker doesn't employ.

That's because the majority of malware is created for the sole purpose of stealing personal info (like credit card numbers). It wouldn't do any good to launch a virus that alerts the user that they've been compromised (and a perfectly working machine that just up and quits on you is a good sign of a compromise). How would your neighborhood jerk hacker have time to use that credit card number they've spent so much time acquiring if you've already cancelled the card?

On the other hand, when, say, a government body wants to grab info on the inner workings of a plutonium enrichment plant, destroying all evidence of your identity is far more important than alerting your target that you've already infiltrated their system. It's a bit harder to abandon a billion-dollar facility if you know another government knows the inner workings.

Now before Mark Russinovich starts penning his next novel based on the exploits of this particular virus, it's worth noting that security experts believe Shamoon isn't part of any global action by a government body -- it was more than likely the work of an individual who decided to play copycat after seeing the news on Stuxnet and Flame.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.
