Or...
Or, this could be the work of government agencies that want to raise the cyber-threat level, hence increasing their influence and importance.
While most malware these days tries to work under the radar to avoid detection, a new species has been reported that wipes the drives of the systems it infects. The Shamoon software carries out a two stage attack, according to an analysis by Israeli security firm Seculert. Once a system on a network is infected, the code …
It affects Windows 95, Windows 98, Windows XP, Windows 2000, Windows Vista, Windows NT, Windows ME, Windows 7, Windows Server 2003 and Windows Server 2008.
Copies itself to the following network shares:
ADMIN$
C$\\WINDOWS
D$\\WINDOWS
E$\\WINDOWS
Is it a new Windows vulnerability, social engineering caused by the lack of software repositories or a usual business of allowing a user to have the admin rights? Or is it all three?
"Shamoon works its way into a computer that is directly connected to the Internet, and then from there begins to spread to other computers connected to the same network".
So no user interaction, therefore.
Isn't that what MS's Trusted Computing (Trustworthy Computing, NGSCB, TPM, Bitlocker, ???) was supposed to prevent?
http://www.microsoft.com/about/twc/en/us/security.aspx
http://en.wikipedia.org/wiki/Trustworthy_Computing (The advertorial part of this article would be quite hilarious if it were not so sad).
http://content.dell.com/us/en/enterprise/d/large-business/windows-7-security-trusted
I understand that it can delete files in userspace, but in Windows directories and the MBR? How does it get onto the machine in the first place - details are absent (at least, I could not find any with a quick google; should I have tried Bing?).
Or am I just completely out of it?
To give a little perspective, you need to be aware that when I worked in Saudi, software was sold by how many diskettes (5 1/4") it took to make a copy, and the manuals by how many pages/bindings. Only one legitimate copy of any given program was sold in the magic Kingdom, from there on the manuals got shipped to China for duplication, and the diskettes were copied far and wide and a set was made up for you while you waited at the shop in the souk, usually with additional softxxxxmalware thrown in for free. So no incentives (like actually being paid or anything) for legitimate software companies.
At the local utility headquarters, one department's PCs had over a hundred viruses each (IT stopped counting at a hundred). They just reformatted them down to the bare metal and re-installed the MBR, OS (PC-DOS) and basic apps. Most of the viruses floating around (and transferred by diskette) were all boot sector infections.
The point being that when your population (and workforce) is so casually engaged in software piracy, it is nearly impossible to keep malware out of your machines. That was the situation then, and I really doubt that there have been any significant changes in the situation since (CDs/DVDs for floppies doesn't count).
As a complete aside, one of the regular tests for newcomers (English speaking) among the expats, was how do you spell check/cheque, thinking fast I answered Czech...
Could very well be ...
Several users did report they lost all their hard drives. Rumour has it the outbreak was limited to the personal network, not the production network.
Same rumour has it that it's the Dammam site that was hit hardest.
Wondering what the impact will be on the security on their production networks.
USB out, PS/2 back in?
And a further limitation on how far their Windows production network is allowed to even touch their Unix/Linux networks.
Yeah I remember those days. I also remember Peter Norton had a tool that would recover the directory structure plus undelete the files for a while before M$ wrote the undelete command into DOS. When Win95 first came out, I figured M$ had finally figured out a way to permanently kill the Norton software (Windows isn't done 'till Lotus won't run). And I was right.