Shamoon malware stalks, corrupts and deletes

A number of security firms have positively identified a new piece of malware stalking the energy sector.

Dubbed Shamoon, the threat has been described by Symantec as “a destructive malware that corrupts files on a compromised computer and overwrites the MBR (Master Boot Record) in an effort to render a computer unusable.”

Although not yet widespread, Shamoon has sparked concern amongst various security analysts, including those at Seculert.

“The interesting part of this malware is that instead of staying under the radar and collecting information, the malware was designed to overwrite and wipe the files and the Master-Boot Record of the computer,” company reps wrote in a blog post.

“Furthermore, Shamoon is collecting the names of the files it has overwritten and sending this information to another internal machine within the compromised company network.”

According to analysts at Kaspersky, the malware is likely a copycat, the work of script kiddies inspired by the story of Flame that targeted Iranian infrastructure with a very efficient data wiper.

“Nowadays, destructive malware is rare; the main focus of cybercriminals is financial profit. Cases like the one here do not appear very often,” the Kaspersky analysts concluded. 

“So we can conclude that the malware is not widespread and it was probably only used in very focused targeted attacks.”