Samker's Computer Forum - SCforum.info

World TOP Headlines: => Latest Security News & Alerts => Topic started by: Samker on 17. August 2012., 17:50:15

Title: Your computer won't boot up if you're infected with Disttrack aka Shamoon
Post by: Samker on 17. August 2012., 17:50:15

(http://4.bp.blogspot.com/_ESwaspNKDJA/S8vck4ArF_I/AAAAAAAAAHU/fhSJrBz6-nY/s1600/computer_crash.jpg)

If your Windows-based computer suddenly won't boot up, it could be the evil doing of malicious malware that deletes the contents of your computer -- farewell, documents, pictures, and videos -- and then prevents reboot.

Just spotted in the wild, it's being called either Disttrack (McAfee's name) or the Shamoon attacks (Symantec's), and researchers say it's notable because it's been a long while since they've noticed malware going to such lengths to truly make someone's life miserable in this way by deleting personal files.

"Ten years ago we used to see purely malicious threats like this," muses Symantec researcher Liam O Murchu. He said there's some uncertainty at this point about exactly how the malware spreads -- it's an executable so it could likely arrive as an e-mail attachment that when opened infects a vulnerable computer -- but one thing is certain: If your computer gets hit and you can't reboot, you have a real problem. So far, there's some indication that Shamoon may be part of a targeted attack against the energy sector companies.

"It can be difficult getting anything working again," O Murchu says about what happens when a Shamoon attack hits a computer: http://www.symantec.com/connect/blogs/shamoon-attacks
The likely scenario for the victim would be an experience in which the computer is booting up, but all the files get erased, and the computer collapses into a non-bootable state. In that event, it would probably require the help of IT professionals with experience in recovery services to get things going again, perhaps by replacing the master boot record, or connecting the hard drive to another computer to use it to access the damaged one, he adds.

So far, though, Shamoon -- Symantec calls it that because of strings found in the malware folders saying that, as well as "Arabian Gulf" -- doesn't appear to be something that's being blasted out to a very wide audience. In fact, Shamoon malware seems to be aimed at very specific targets.

"It may be targeted at particular companies," says O Murchu. At this point, Symantec thinks it's possible that oil companies in the energy sector could be intended targets of Shamoon.

(PCW)