Shamoon is back again in a new version
Do you remember Shamoon back in 2012?
Shamoon was a terrible virus/malware that deleted all the data on computers back in 2012. It’s estimated that 32,000 computers lost all their data when they got infected, which created lots of problems for the attacked companies.
Losing all your data would break anybody, but for a company it creates real problems, including for its credibility. One of the companies attacked in 2012, a gas company from Saudi Arabia, lost lots of information, thousands and thousands of pieces of data, when the hard disks were erased.
And now Shamoon has returned
It is back in a modified version. Kaspersky Lab was the security company that found the new version, called Shamoon 2.0.
The company named it StoneDrill. They made the discovery while investigating Shamoon’s return, which occurred in November 2016.
Version 2.0 has some new tools and methods built in, making it rely less on external management servers, so-called command and control servers. It now also includes fully functional ransomware and 32-bit and 64-bit components.
So how does the new StoneDrill virus work?
StoneDrill works a little differently. The program is able to avoid detection by bypassing the hard disk drivers during installation. To achieve this, it uses a part of the computer’s memory that is related to the user’s browser. StoneDrill also contains a backdoor to spy on unsuspecting victims.
Exactly what the connection between Shamoon and StoneDrill looks like is something that Kaspersky Lab can’t answer. Most likely, the programs belong to two different groups that have common interests.
Version 2.0 will create significant problems
As in most cases of hacking, it’s about gaining control of the victim’s computer. The modified version of Shamoon allows the attacker to build customised malware that will spread through the entire network.
Once in place, it will attack on a predetermined date and make all the infected computers unusable. How StoneDrill spreads is something that Kaspersky Lab does not know yet.
To read more about Shamoon, detected in 2012, see the Wikipedia article.