Part of the Malware glossary:

Shamoon, also called W32.Disttrack, is a computer virus that has been used for cyber espionage, particularly in the energy sector. The malware was first discovered in August 2012, when it compromised thousands of computers in Saudi Arabia. Shamoon attacks computers running Windows NT, Windows 9x, and Windows Me.

Next Steps

Similarities have been found between Shamoon and the Flame virus, which was discovered earlier in 2012 and targeted governmental organizations, educational institutions, and private individuals, primarily in the Middle East, and notably in Iran. Shamoon operates in several stages:

  • An attacker launches Shamoon on a network.
  • The virus spreads to the hard disks of other computers in the network by means of a function called "dropper."
  • The virus compiles lists of files on each infected computer.
  • A function called "reporter" sends information about the files and the malware's activity back to the attacker.
  • A function called "wiper" erases some or all of the compromised files.
  • The virus overwrites the master boot record (MBR) of the computer so that it cannot reboot.

An activist youth group calling itself "Cutting Sword of Justice" claimed responsibility for an attack on Saudi Aramco workstations using the Shamoon virus in August 2012. This attack compromised about 30,000 computers. Restoration took about two weeks. Computer systems at RasGas were also affected in the same month by a virus that some experts believe was Shamoon.

This was last updated in February 2013
Contributor(s): Stan Gibilisco
Posted by: Margaret Rouse

Related Terms

Definitions

  • pharma hack

    - The pharma hack is an exploit that takes advantage of vulnerabilities in WordPress or Joomla documents, causing search engines, notably the one hosted by Google, to return ads for pharmaceutical pr... (WhatIs.com)

  • SEO poisoning (search poisoning)

    - Search poisoning, also known as search engine poisoning, is an attack involving malicious websites that are designed to show up prominently in search results. The sites associated with the links ma... (WhatIs.com)

  • likejacking

    - Likejacking is a variation on clickjacking in which malicious coding is associated with a Facebook Like button. The most common purposes of likejacking include identity theft and the dissemination ... (WhatIs.com)

Glossaries

  • Malware

    - Terms related to malware, including definitions about viruses and Trojans and other words and phrases about malicious software.

  • Security threats and countermeasures

    - Terms related to security threats, including definitions about anti-virus programs or firewalls and words and phrases about malware, viruses, Trojans and other security attacks.

  • Internet applications

    - This WhatIs.com glossary contains terms related to Internet applications, including definitions about Software as a Service (SaaS) delivery models and words and phrases about web sites, e-commerce ...

Dig Deeper

Continue Reading About Shamoon

People Who Read This Also Read...

Ask a Question About ShamoonPowered by ITKnowledgeExchange.com

Get answers from your peers on your most technical challenges

Tech TalkComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.
    Back to top