New R2D2 Technique Protects Files Against Wiper Malware
A new variant of Shamoon, the malware that wiped hard drives at Saudi Aramco and other energy companies in 2012, has struck multiple organizations in Saudi Arabia in a new campaign that researchers call a “carefully planned operation.” The new variant, which is almost identical to the version used in the 2012 attacks, has replaced the message it previously displayed—which included an image of a burning American flag—with the photo of the body of Alan Kurdi, the 3-year-old Syrian refugee boy who drowned as his family tried to cross from Turkey to Greece.
Bloomberg reports that digital forensics by Saudi officials indicated that the attacks were launched from Iran. Several Saudi government agencies were among the organizations attacked.
New versions of Shamoon, also known as Disttrack, have been detected by multiple information security companies, including McAfee, Symantec, Palo Alto Networks, and FireEye. It isn’t yet clear how the malware’s “dropper” has gotten into the networks it has attacked. But once on a victim’s Windows system, it determines whether to install a 32-bit or 64-bit version of the malware. According to a report from Symantec, the latest Shamoon attack was configured to automatically start wiping the disk drives of computers it had infected at 8:45am local time on November 17.
Threatpost
FBI Warns US Businesses of Possible Wiper Malware Attacks
Researchers at Kaspersky Lab followed bread crumbs left by some wiper malware used in attacks against businesses in Iran that eventually led them to the Flame malware. Flame is espionage malware, discovered in 2012 by researchers at CrySys Lab and …
Ping! Zine Web Tech Magazine
Search for Wiper Malware 'Inadvertently' Found Flame
Search for something smaller and you could stumble upon something much more serious. That's how things went for security firm Kaspersky when the company was tasked with investigating destructive malware known as …