Attack of the Clones

Remember that "Pandora's box" that security bloggers and experts were warning about once it was reported that Stuxnet might have come from a government body?

Well, it looks like the occupants of said box are slowly starting to trickle out. News came out this week that a Saudi oil company was hit by an info-stealing, rootkit-deleting virus -- one very similar to Stuxnet and one that looks like Flame's younger brother (if you squint your eyes).

The virus, called Shamoon, is a targeted malware that retrieves and transmits wanted data back to the attackers while, at the same time, rewriting Windows machines' rootkits, making them inoperable -- a tactic that the average scum hacker doesn't employ.

That's because the majority of malware is created for the sole purpose of stealing personal info (like credit card numbers). It wouldn't do any good to launch a virus that alerts the user that they've been compromised (and a perfectly working machine that just up and quits on you is a good sign of a compromise). How would your neighborhood jerk hacker have time to use that credit card number they've spent so much time acquiring if you've already cancelled the card?

On the other hand, when, say, a government body wants to grab info on the inner workings of a plutonium enrichment plant, destroying all evidence of your identity is far more important than alerting your target that you've already infiltrated their system. It's a bit harder to abandon a billion-dollar facility if you know another government knows the inner workings.

Now before Mark Russinovich starts penning his next novel based on the exploits of this particular virus, it's worth noting that security experts believe Shamoon isn't part of any global action by a government body -- it was more than likely the work of an individual who decided to play copycat after seeing the news on Stuxnet and Flame.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.
