Browse Definitions:
Definition

Shamoon

Contributor(s): Stan Gibilisco

Shamoon, also called W32.Disttrack, is a computer virus that has been used for cyber espionage, particularly in the energy sector. The malware was first discovered in August 2012, when it compromised thousands of computers in Saudi Arabia. Shamoon attacks computers running Windows NT, Windows 9x, and Windows Me.

Similarities have been found between Shamoon and the Flame virus, which was discovered earlier in 2012 and targeted governmental organizations, educational institutions, and private individuals, primarily in the Middle East, and notably in Iran. Shamoon operates in several stages:

  • An attacker launches Shamoon on a network.
  • The virus spreads to the hard disks of other computers in the network by means of a function called "dropper."
  • The virus compiles lists of files on each infected computer.
  • A function called "reporter" sends information about the files and the malware's activity back to the attacker.
  • A function called "wiper" erases some or all of the compromised files.
  • The virus overwrites the master boot record (MBR) of the computer so that it cannot reboot.

An activist youth group calling itself "Cutting Sword of Justice" claimed responsibility for an attack on Saudi Aramco workstations using the Shamoon virus in August 2012. This attack compromised about 30,000 computers. Restoration took about two weeks. Computer systems at RasGas were also affected in the same month by a virus that some experts believe was Shamoon.

This was last updated in February 2013

Continue Reading About Shamoon

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCompliance

  • internal audit (IA)

    An internal audit (IA) is an organizational initiative to monitor and analyze its own business operations in order to determine ...

  • pure risk (absolute risk)

    Pure risk, also called absolute risk, is a category of threat that is beyond human control and has only one possible outcome if ...

  • risk assessment

    Risk assessment is the identification of hazards that could negatively impact an organization's ability to conduct business.

SearchSecurity

  • principle of least privilege (POLP)

    The principle of least privilege (POLP), an important concept in computer security, is the practice of limiting access rights for...

  • identity management (ID management)

    Identity management (ID management) is the organizational process for identifying, authenticating and authorizing individuals or ...

  • zero-day (computer)

    A zero-day vulnerability, also known as a computer zero day, is a flaw in software, hardware or firmware that is unknown to the ...

SearchHealthIT

SearchDisasterRecovery

  • business continuity and disaster recovery (BCDR)

    Business continuity and disaster recovery (BCDR) are closely related practices that describe an organization's preparation for ...

  • business continuity plan (BCP)

    A business continuity plan (BCP) is a document that consists of the critical information an organization needs to continue ...

  • call tree

    A call tree -- sometimes referred to as a phone tree -- is a telecommunications chain for notifying specific individuals of an ...

SearchStorage

SearchSolidStateStorage

  • hybrid hard disk drive (HDD)

    A hybrid hard disk drive is an electromechanical spinning hard disk that contains some amount of NAND Flash memory.

Close