Browse Definitions :
Definition

Shamoon

Contributor(s): Stan Gibilisco

Shamoon, also called W32.Disttrack, is a computer virus that has been used for cyber espionage, particularly in the energy sector. The malware was first discovered in August 2012, when it compromised thousands of computers in Saudi Arabia. Shamoon attacks computers running Windows NT, Windows 9x, and Windows Me.

Similarities have been found between Shamoon and the Flame virus, which was discovered earlier in 2012 and targeted governmental organizations, educational institutions, and private individuals, primarily in the Middle East, and notably in Iran. Shamoon operates in several stages:

  • An attacker launches Shamoon on a network.
  • The virus spreads to the hard disks of other computers in the network by means of a function called "dropper."
  • The virus compiles lists of files on each infected computer.
  • A function called "reporter" sends information about the files and the malware's activity back to the attacker.
  • A function called "wiper" erases some or all of the compromised files.
  • The virus overwrites the master boot record (MBR) of the computer so that it cannot reboot.

An activist youth group calling itself "Cutting Sword of Justice" claimed responsibility for an attack on Saudi Aramco workstations using the Shamoon virus in August 2012. This attack compromised about 30,000 computers. Restoration took about two weeks. Computer systems at RasGas were also affected in the same month by a virus that some experts believe was Shamoon.

This was last updated in February 2013

Continue Reading About Shamoon

SearchCompliance

SearchSecurity

  • cyber attack

    A cyber attack is any attempt to gain unauthorized access to a computer, computing system or computer network with the intent to ...

  • backdoor (computing)

    A backdoor is a means to access a computer system or encrypted data that bypasses the system's customary security mechanisms.

  • post-quantum cryptography

    Post-quantum cryptography, also called quantum encryption, is the development of cryptographic systems for classical computers ...

SearchHealthIT

SearchDisasterRecovery

  • risk mitigation

    Risk mitigation is a strategy to prepare for and lessen the effects of threats faced by a business.

  • call tree

    A call tree is a layered hierarchical communication model that is used to notify specific individuals of an event and coordinate ...

  • Disaster Recovery as a Service (DRaaS)

    Disaster recovery as a service (DRaaS) is the replication and hosting of physical or virtual servers by a third party to provide ...

SearchStorage

  • cloud SLA (cloud service-level agreement)

    A cloud SLA (cloud service-level agreement) is an agreement between a cloud service provider and a customer that ensures a ...

  • NOR flash memory

    NOR flash memory is one of two types of non-volatile storage technologies.

  • RAM (Random Access Memory)

    RAM (Random Access Memory) is the hardware in a computing device where the operating system (OS), application programs and data ...

Close