Shamoon

Shamoon Description

Type: Adware

While there are plenty of spy Trojans designed to steal sensitive data from an infected computer, Shamoon goes one step further. This dangerous malware infection infiltrates a computer, steals its files, and then overwrites the master boot record, effectively rendering the infected machine useless. Recovering from a Shamoon infection requires reinstalling the operating system and losing all data on the infected computer. ESG security analysts suspect that Shamoon is part of an organized malware attack against various large companies and that this malware infection is being used in industrial espionage. Fortunately, malware analysts have released updates for reliable anti-malware programs that protect computers from Shamoon's attack. ESG malware analysts recommend updating your software and anti-malware protection to ensure that your computer is safe.

On August 15th of 2012, PC security analysts started to warn computer users about Shamoon. This malware threat steals files located in the Users, System32/Driver, System32/Config, and Documents and Settings folders of computers with the Windows operating system. Although this is not an uncommon characteristic of dangerous spy Trojans, Shamoon also overwrites the infected computer's master boot record. As a result, the infected computer becomes useless, since it can no longer load its operating system or access its data. Shamoon may also be detected as Disttrack and seems to be part of an attack against large companies, particularly in the energy industry. Malware infections as destructive as Shamoon are actually quite rare and, although not everything about Shamoon is understood completely, Shamoon has been successfully blocked by various anti-malware applications.
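For triage of a machine that no longer boots, the following added example (not code from the original article) checks whether a 512-byte first sector taken from a disk image still has the structure of a master boot record. It assumes that an overwritten sector fails these structural checks; the article does not say what data Shamoon writes, and both sample sectors are constructed.

```python
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510-511 of a valid MBR
PART_TABLE_OFFSET = 446        # four 16-byte partition entries start here

def parse_partition(entry):
    """Decode one 16-byte entry: status, CHS start, type, CHS end, LBA start, size."""
    status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
    return {"status": status, "type": ptype, "lba_start": lba_start, "sectors": sectors}

def check_mbr(sector):
    """Return a list of findings; an empty list means the sector looks like an MBR."""
    if len(sector) != SECTOR_SIZE:
        return ["sector is %d bytes, expected %d" % (len(sector), SECTOR_SIZE)]
    findings = []
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    if len(set(sector)) == 1:
        findings.append("sector filled with a single byte value")
    used = 0
    for i in range(4):
        start = PART_TABLE_OFFSET + 16 * i
        part = parse_partition(sector[start:start + 16])
        if part["status"] not in (0x00, 0x80):   # only inactive/active are valid
            findings.append("partition %d: invalid status byte 0x%02x" % (i, part["status"]))
        if part["type"] != 0 and part["sectors"] > 0:
            used += 1
    if used == 0:
        findings.append("no usable partition entries")
    return findings

def build_sample_mbr():
    """Constructed healthy sector: one active NTFS-type partition at LBA 2048."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    return b"\x00" * 446 + entry + b"\x00" * 48 + BOOT_SIGNATURE

def build_overwritten_sector():
    """Constructed stand-in for an overwritten sector (arbitrary byte pattern)."""
    return bytes(range(256)) * 2

if __name__ == "__main__":
    for name, data in (("healthy", build_sample_mbr()),
                       ("overwritten", build_overwritten_sector())):
        print(name, check_mbr(data) or "looks like a valid MBR")
```

To check a real system, pass the first 512 bytes of a forensic disk image to `check_mbr`.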

Understanding a Shamoon Attack

Shamoon is contained in a folder that doesn't take up a lot of space, just under 1 MB. It contains various encrypted files, including a signed disk driver from EldoS, a manufacturer of security components for corporations. Using this signed disk driver, Shamoon can access the infected computer's hard drives. Shamoon has been observed to affect computers running all kinds of Windows versions since Windows 95. Apparently, Shamoon attacks computers in two separate steps. First, Shamoon will access a computer connected to the Internet, installing a backdoor and using the infected computer as a proxy that can be used to download configuration commands from a remote server. Having infiltrated the targeted company, Shamoon can then infect other computers on that company's network in order to steal sensitive data and then wipe those computers' drives. Then, Shamoon sends that information back to a third party.
