Shamoon 2 Malware Spotted
Learn all about the newly identified Shamoon 2 malware in our in-depth technical article and how it impacts infected hosts. Experts from Palo Alto Networks have identified the dangerous threat and dubbed it Shamoon 2 because it reuses the original Shamoon code base.
Shamoon 2 Malware Identified
The Shamoon 2 malware is a dangerous new computer security threat that has been identified by researchers from Palo Alto Networks. It originates from the older Shamoon virus, also known as Disttrack, which was identified back in 2012. The newer Shamoon 2 was used to attack various organizations located in the Persian Gulf. Some of the targets include Saudi Arabia’s General Authority of Civil Aviation (GACA).
Two separate versions of the Shamoon 2 malware have been identified. The first variant was configured to automatically wipe the connected drives of the infected hosts on a specific date – November 17 2016. The second version was configured to wipe the infected machines at 1:30 AM (Saudi Arabia time) on another date – November 29 2016.
The payload delivered in the second wave was similar to the first one, although several differences were identified. As in the first Shamoon attacks, the virus spreads across the local network using legitimate domain account credentials. It is possible that the criminals harvested these credentials from previous attacks or other related breaches.
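Because the worm moves between hosts with valid domain credentials rather than an exploit, the most useful signal for defenders is one account succeeding against many distinct hosts within minutes. The following script is an added illustration of that detection and is not code from the article or from Palo Alto Networks; the log line format, the account and host names and the thresholds are constructed assumptions.

```python
"""Flag one domain account authenticating to many distinct hosts in a
short window, the trace that credential-reuse worms such as Shamoon
leave in authentication logs.  Added illustration, not code from the
article or from Palo Alto Networks; the log format, sample values and
thresholds are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines: "<ISO timestamp> <account> <target host> <result>"
SAMPLE_LOG = """\
2016-11-17T00:55:02 CORP\\svc_backup FILESRV01 success
2016-11-17T00:55:09 CORP\\svc_backup WKS-1031 success
2016-11-17T00:55:14 CORP\\svc_backup WKS-1032 success
2016-11-17T00:55:20 CORP\\svc_backup WKS-1033 success
2016-11-17T00:55:27 CORP\\svc_backup WKS-1034 success
2016-11-17T00:55:31 CORP\\svc_backup HR-PRINT success
2016-11-17T08:12:40 CORP\\jdoe WKS-1031 success
2016-11-17T09:30:15 CORP\\jdoe FILESRV01 success
2016-11-17T09:31:00 CORP\\jdoe WKS-1031 failure
"""


def parse_logons(text):
    """Return a list of (timestamp, account, host) for successful logons only;
    failed attempts are dropped because the worm is using valid credentials."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, account, host, result = line.split()
        if result != "success":
            continue
        events.append((datetime.fromisoformat(ts), account, host))
    return events


def find_fanout(events, window=timedelta(minutes=10), min_hosts=5):
    """Return {account: sorted distinct hosts} for every account that reached
    at least `min_hosts` distinct hosts inside any `window`-long interval.
    A sliding window runs over each account's chronologically sorted logons
    and keeps the largest host set seen."""
    by_account = defaultdict(list)
    for ts, account, host in sorted(events):
        by_account[account].append((ts, host))

    alerts = {}
    for account, evs in by_account.items():
        best = set()
        start = 0
        for end in range(len(evs)):
            # Advance the window start until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            hosts = {h for _, h in evs[start:end + 1]}
            if len(hosts) > len(best):
                best = hosts
        if len(best) >= min_hosts:
            alerts[account] = sorted(best)
    return alerts


if __name__ == "__main__":
    for account, hosts in find_fanout(parse_logons(SAMPLE_LOG)).items():
        print(f"ALERT {account} reached {len(hosts)} hosts: {', '.join(hosts)}")
```

On the constructed sample the service account touches six hosts in under half a minute and is flagged, while the interactive user who logs on to two machines over an hour is not. The window and host-count thresholds are deliberately parameters: tune them against a baseline of normal service-account behaviour in the environment before alerting on them.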
The Shamoon 2 malware has the ability to access credentials for virtualization products from Huawei and virtual desktop infrastructure solutions such as FusionCloud. It is very likely that the hackers targeted these services because they are referenced in various official documentation releases issued by the company.
These products are used to provide a layer of protection against malware such as Shamoon by restoring snapshots of the wiped systems. The FusionCloud systems run in a GNU/Linux environment, which makes it harder for the Windows-only Disttrack malware to penetrate. This is why this newer version of the malware has been updated. The Shamoon 2 malware contains mostly the same components as the previous version. A commercial version of the disk-wiping tool RawDisk by EldoS Corporation is employed, as it provides direct access for manipulating files, disks and partitions.
According to the researchers, the virus focuses mainly on sabotage by deleting everything that it can access. It is not known who is responsible for the first or the second version of the threat. However, as it uses sophisticated, carefully configured modules, some experts suggest that it may be state-sponsored.