Shamoon attacks persist
Posted on 05.09.2012
While it still unknown whether the recent attacks against Saudi Aramco and RasGas were part of the so-called Shamoon attacks, the latter are continuing unabated, says Symantec.


These newest attacks also use a more recent variant of the destructive Disstrack malware.

Initially, the malware would drop a wiper component and it would first wipe a prioritized list of files contained in the Documents and Settings, Users and System32\Config folders by overwriting them with a 192KB block filled with a partial JPEG image of a burning United States flag, then the computer's Master Boot Record and its active partition.

This new variant isn't into making a statement, so the 192KB block that overwrites the files contains only randomly generated data.

Unfortunately, the initial infection vector has still not been confirmed, so it's difficult to say what likely targets should be on the lookout for.

The malware can be detected by a variety of desktop AV solutions, but if you don't have one, checking for and finding a service called ddr, a file called ddr.sys in the %System%\Drivers folder and ddrisk.sys in the %System%\Drives folder may indicate that your machine has been compromised.

Still, this is a problem that individual users are likely not to have, as the Shamoon attacks have been very limited and extremely targeted.






Spotlight

How to talk infosec with kids

Posted on 17 September 2014.  |  It's never too early to talk infosec with kids: you simply need the right story. In fact, as cyber professionals itís our duty to teach ALL the kids in our life about technology. If we are to make an impact, we must remember that children needed to be taught about technology on their terms.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Sep 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //