Attack of the Clones
Remember that "Pandora's box" that security bloggers and experts were warning about once it was reported that Stuxnet might have come from a government body?
Well, it looks like the occupants of said box are slowly starting to trickle out. News came out this week that a Saudi oil company was hit by an info-stealing, rootkit-deleting virus -- one very similar to Stuxnet and one that looks like Flame's younger brother (if you squint your eyes).
The virus, called Shamoon, is a targeted piece of malware that retrieves and transmits the wanted data back to the attackers while, at the same time, rewriting the Windows machines' rootkits and rendering them inoperable -- a tactic that the average scum hacker doesn't employ.
That's because the majority of malware is created for the sole purpose of stealing personal info (like credit card numbers). It wouldn't do any good to launch a virus that alerts the user that they've been compromised (and a perfectly working machine that just up and quits on you is a good sign of a compromise). How would your neighborhood jerk hacker have time to use that credit card number they've spent so much time acquiring if you've already cancelled the card?
On the other hand, when, say, a government body wants to grab info on the inner workings of a plutonium enrichment plant, destroying all evidence of your identity matters far more than the risk of alerting your target that you've already infiltrated their system. It's a bit harder to abandon a billion-dollar facility if you know another government knows its inner workings.
Now before Mark Russinovich starts penning his next novel based on the exploits of this particular virus, it's worth noting that security experts believe Shamoon isn't part of any global action by a government body -- it was more than likely the work of an individual who decided to play copycat after seeing the news on Stuxnet and Flame.