Shamoon, also known as Disttrack, is a malware infection that is able to overwrite the master boot record (MBR) of an compromised PC and, thus, make it useless. Shamoon may also be used to affect various companies. Shamoon steals confidential information from ‘Documents and Settings’, ‘System32/Config’ and ‘System32/Drivers’ folders from victims on vulnerable Windows PCs. Shamoon uses a two-stage attack; first, it corrupts a PC connected to the internet and turns this into a proxy to communicate back with the malware infection’s command-and-control server. Then, Shamoon branches out to other PCs on the corporate network, steals information, then executes its payload and wipes the computers. after all, Shamoon contacts the remote command-and-control server.
How Can You Detect Shamoon?