Monday, June 24, 2013

Shamoon, the latest virus, threatens the corporate world


Shamoon is one of the latest viruses threatening the world, especially the corporate sector. Even United States Secretary of Defense Leon Panetta has stepped in to warn of the dangers of the Shamoon virus.

Aramco, the state-owned oil company of Saudi Arabia, has been the victim of an attack by this virus, which also goes by the name W32.Disstrack. The Saudi oil company was not the only one attacked by this virus: the computer network of Qatar's natural gas company, RasGas, also experienced the same thing.

According to Panetta, the Shamoon virus targets large corporate computer networks, especially in the energy sector. More than 30,000 computers that were infected with this virus are now considered useless and should be replaced, said Panetta, speaking at a business forum in New York, as quoted by Reuters.

So how does this virus work? Anti-virus company Symantec has explained the workings of the Shamoon, or W32.Disstrack, virus, which consists of three components: a dropper, a wiper, and a reporter.

According to the description on Symantec's site, the dropper component drops the virus onto the system, working from a resource file, and generally operates on Windows systems. Once in, the virus copies itself and executes itself.

After the virus has entered and executed itself, the wiper goes to work. At the least, a number of functional components are deleted: the Shamoon virus removes some existing drivers in a number of locations, then overwrites them with another driver.

After that, the reporter goes into action. This component reports data back to the perpetrator, or whoever sent the virus. The data sent are: the domain name, the number of files copied over, the IP address, and some other random numbers.

Just imagine if this virus attacked your company.

Interestingly, though, this virus was not made by a top-class programmer. Dmitry Tarakanov, a lab researcher at anti-virus company Kaspersky, said so because of mistakes made in its programming, including a defective date comparison and the use of an uppercase letter in place of a lowercase one. This led to a high failure rate.

"Instead of using a string in the right format, the malware authors used '%S%S%d' with an uppercase 'S'. This causes the 'sprintf' function to fail, and no full path string is created. This means no file is dropped. No file, no execution. So the Shamoon malware has no function to execute another program," Tarakanov stated, as quoted by ZDNet.

Kaspersky also suspects the malware was made by amateurs. "We have a clue that the people behind the Shamoon malware are not top-class programmers. The mistakes made showed that their skills were still those of amateurs as they created destructive malware that can replicate independently (self-replicating)," according to the conclusions drawn by Tarakanov.
