Shamoon, the virus behind the compromise of 30,000 computers, is back


Shamoon, the disk-wiping malware which was once used in attacks against the Saudi energy sector in 2012, has made a shocking comeback.

It resurfaced in a fresh wave of attacks against targets in Saudi Arabia.

Information security companies like CrowdStrike, Palo Alto Networks Inc. and Symantec Corp. warned of the new attacks on Wednesday.

Is it behaving like the previous one? The malware used in the recent attacks is largely similar to the variant used four years ago.

But it has apparently changed its appearance. In the 2012 attacks, compromised computers had their master boot records wiped and replaced with an image of a burning US flag.

The latest attacks instead used a photo of the body of Alan Kurdi, the three-year-old Syrian refugee who drowned in the Mediterranean Sea last year.

The original Shamoon malware, also called W32.Disttrack, was first discovered in August 2012, when it compromised thousands of computers in Saudi Arabia.

Who was behind Shamoon? An activist youth group calling itself “Cutting Sword of Justice” claimed responsibility for an attack on Saudi Aramco workstations using the Shamoon virus in August 2012. This attack compromised about 30,000 computers.

The motive of the recent attacks was also not immediately clear. The Symantec Security Response team said, “Why Shamoon has suddenly returned again after four years is unknown.”