Information Security News mailing list archives

Mystery malware wreaks havoc on energy sector computers


From: InfoSec News <alerts () infosecnews org>
Date: Fri, 17 Aug 2012 07:07:58 -0500 (CDT)

http://arstechnica.com/security/2012/08/shamoon-malware-attack/

By Dan Goodin
Ars Technica
Aug 16, 2012

Malware researchers have uncovered an attack targeting an organization in the energy industry that attempts to wreak havoc by permanently wiping data from an infected computer's hard drive and rendering the machine unusable.

The computer worm, alternately dubbed Shamoon or Disttrack by researchers at rival antivirus providers Symantec and McAfee, contains the string "wiper" in the Windows file directory its developers used while compiling it. Combined with word that it targeted the energy industry, that revelation immediately evoked memories of malware also known as Wiper that reportedly attacked Iran's oil ministry in April and ultimately led to the discovery of the state-sponsored Flame malware.

In a blog post published Thursday, researchers from Russia-based Kaspersky Lab said the file and service names in the original Wiper aren't present in Shamoon. They also noted that Wiper uses a different pattern when destroying disk data. As a result, they said the two pieces of malware are likely not connected.

"It is more likely that this is a copycat, the work of script kiddies inspired by the story," members of Kaspersky's Global Research & Analysis Team wrote. Kaspersky researchers were instrumental in uncovering Flame, which, like Stuxnet, Duqu, and Gauss, is highly sophisticated malware believed to have been sponsored by one or more nations to spy on or attack Iran or other countries.

[...]


