Attack of the Clones

Remember that "Pandora's box" that security bloggers and experts were warning about once it was reported that Stuxnet might have come from a government body?

Well, it looks like the occupants of said box are slowly starting to trickle out. News came out this week that a Saudi oil company was hit by an info-stealing, rootkit-deleting virus -- one very similar to Stuxnet and one that looks like Flame's younger brother (if you squint your eyes).

The virus, called Shamoon, is a targeted piece of malware that retrieves and transmits wanted data back to the attackers while, at the same time, rewriting Windows machines' rootkits, making them inoperable -- a tactic that the average scum hacker doesn't employ.

That's because the majority of malware is created for the sole purpose of stealing personal info (like credit card numbers). It wouldn't do any good to launch a virus that alerts the user that they've been compromised (and a perfectly working machine that just up and quits on you is a good sign of a compromise). How would your neighborhood jerk hacker have time to use that credit card number they've spent so much time acquiring if you've already cancelled the card?

On the other hand, when, say, a government body wants to grab info on the inner workings of a plutonium enrichment plant, destroying all evidence of your identity is far more important than alerting your target that you've already infiltrated their system. It's a bit harder to abandon a billion-dollar facility if you know another government knows the inner workings.

Now before Mark Russinovich starts penning his next novel based on the exploits of this particular virus, it's worth noting that security experts believe Shamoon isn't part of any global action by a government body -- it was more than likely the work of an individual who decided to play copycat after seeing the news on Stuxnet and Flame.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.
