Another malware wreaking havoc on company networks

Symantec is currently warning computer users that a new variation of the Shamoon malware has been detected. This most recent variant performs several different actions on infected systems. In addition to wiping data and destroying entire files by replacing sectors with random data, the new version of Shamoon is capable of wiping a system’s master boot record. The malware’s effects also include changing a machine’s active partitions, an action that could render much of the data stored on a system inaccessible or unusable. Symantec’s security software suite detects this new version of Shamoon as W32.Disttrack.

Shamoon is an example of a fairly sophisticated piece of malware.  Instead of attacking the system in a random fashion, Shamoon will scan through a list of files identified as high-priority targets.  It opens up certain specified files in order to determine what access rights might exist on the system.  The security team at Symantec provided additional details about how this new version of Shamoon operates on an infected system: “If successful, it [the malware] will then copy itself to the remote system32 directory and attempt to execute itself using psexec.exe.  If unsuccessful, it will try to load itself as a remote service.  Once it has successfully looped through all target machines it will delete itself.”

The target machines can include all systems on a local network. Shamoon attempts to spread across the entire network by obtaining the domain credentials that control access to the local domain. Some businesses have seen thousands of workstations become infected in this manner. Saudi Aramco, for example, has reported that the new variant of Shamoon managed to spread itself to 30,000 of its business systems, greatly interfering with the company’s ability to maintain solid data security.
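A detection sketch for the spread pattern described above (a copy into the remote system32 directory, then execution through PsExec or a remote service), added here as an example and not taken from Symantec or this post. It assumes Windows events 5145 (share access) and 7045 (service installed) have already been parsed into dicts; the hosts, addresses, file names and fan-out threshold are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not from a real incident). Field names follow
# Security event 5145 and System event 7045; the dict layout is an assumption.
def share(t, host, src, name, mask="0x2"):
    return {"time": t, "host": host, "id": 5145, "src": src,
            "ShareName": r"\\*\ADMIN$", "RelativeTargetName": name, "AccessMask": mask}

def svc(t, host, name, image):
    return {"time": t, "host": host, "id": 7045, "ServiceName": name, "ImagePath": image}

EVENTS = [
    share("2024-01-01T08:00:01", "WS-001", "10.0.0.50", r"system32\example.exe"),
    svc("2024-01-01T08:00:04", "WS-001", "PSEXESVC", r"%SystemRoot%\PSEXESVC.exe"),
    share("2024-01-01T08:00:10", "WS-002", "10.0.0.50", r"system32\example.exe"),
    svc("2024-01-01T08:00:12", "WS-002", "ExampleSvc", r"C:\Windows\system32\example.exe"),
    share("2024-01-01T08:00:20", "WS-003", "10.0.0.50", r"system32\example.exe"),
    svc("2024-01-01T08:00:23", "WS-003", "PSEXESVC", r"%SystemRoot%\PSEXESVC.exe"),
    share("2024-01-01T09:00:00", "SRV-01", "10.0.0.9", r"system32\tool.exe"),  # lone admin push
    svc("2024-01-01T09:00:05", "SRV-01", "ToolSvc", r"C:\Windows\system32\tool.exe"),
    svc("2024-01-01T09:30:00", "WS-004", "UpdaterSvc", r"C:\Apps\upd.exe"),  # no prior drop
]

WINDOW = timedelta(minutes=5)  # assumed max gap between the copy and the service install
FANOUT = 3                     # assumed threshold: distinct hosts hit from one source

def is_admin_exe_write(e):
    """True for a write (FILE_WRITE_DATA, 0x2) of an .exe into ADMIN$\\system32."""
    name = e.get("RelativeTargetName", "").lower()
    return (e["id"] == 5145 and e["ShareName"].upper().endswith("ADMIN$")
            and name.startswith("system32\\") and name.endswith(".exe")
            and bool(int(e["AccessMask"], 16) & 0x2))

def find_spread(events, window=WINDOW, fanout=FANOUT):
    """Map each source address to the hosts where a drop was followed by a service install."""
    drops = defaultdict(list)  # host -> [(time, source, exe name)]
    hits = defaultdict(set)    # source -> hosts with drop + execution
    for e in sorted(events, key=lambda ev: ev["time"]):
        t = datetime.fromisoformat(e["time"])
        if is_admin_exe_write(e):
            exe = e["RelativeTargetName"].lower().rsplit("\\", 1)[-1]
            drops[e["host"]].append((t, e["src"], exe))
        elif e["id"] == 7045:
            psexec = e["ServiceName"].upper() == "PSEXESVC"
            for dropped_at, src, exe in drops[e["host"]]:
                if t - dropped_at <= window and (psexec or exe in e["ImagePath"].lower()):
                    hits[src].add(e["host"])
    return {src: sorted(h) for src, h in hits.items() if len(h) >= fanout}
```

A single administrator pushing one tool to one server stays below the threshold; the same copy-then-install sequence repeated from one source across many hosts is what gets reported.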

Is your computer network secure? Take the Great Lakes Computer Corporation’s FREE 27-point Network System Audit to find out.
