Beware! This Virtual Machine Killer Malware Returned From The Dead

Virtual Machine Killer Malware


Shamoon malware (also known as Disttrack), notorious for its destructive disk-wiping capabilities, has resurfaced. It is back with an improved arsenal for taking down virtual machines. For a quick sneak peek at what Shamoon can do: it can spread across the local network; it can send a curated collection of files from targeted locations on a computer to the attacker before deleting them; and it can overwrite the Master Boot Record (MBR), leaving the machine unable to find its operating system and boot.
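The MBR overwrite described above leaves a disk whose first sector no longer looks like a boot record. The following is an added example, not code from the article or from any vendor report: a small parser for the 512-byte MBR layout (boot code, four 16-byte partition entries at offset 446, the 0x55AA signature at offset 510) that reports structural anomalies of the kind a wipe produces. The two sample sectors are constructed inline, not captured from a real incident.

```python
"""Sanity-check a 512-byte Master Boot Record (MBR) for signs that it has been
overwritten, which is the state a Shamoon wipe leaves a disk in. This is an
added example, not code from the article or from any vendor report, and the
sample sectors below are constructed, not captured from a real incident."""
import struct

MBR_SIZE = 512
PT_OFFSET = 446      # partition table: 4 entries x 16 bytes
SIG_OFFSET = 510     # boot signature, bytes 0x55 0xAA


def parse_partitions(mbr: bytes) -> list:
    """Decode the four partition table entries into dicts."""
    entries = []
    for i in range(4):
        # status(1) CHS-start(3, skipped) type(1) CHS-end(3, skipped) lba_start(4) sectors(4)
        status, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", mbr, PT_OFFSET + 16 * i)
        entries.append({"status": status, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def check_mbr(mbr: bytes) -> list:
    """Return a list of findings; an empty list means the MBR looks structurally intact."""
    if len(mbr) != MBR_SIZE:
        return [f"unexpected sector size {len(mbr)}"]
    findings = []
    if mbr[SIG_OFFSET:SIG_OFFSET + 2] != b"\x55\xaa":
        findings.append("boot signature 0x55AA missing")
    used = [p for p in parse_partitions(mbr) if p["type"] != 0x00]
    if not used:
        findings.append("no partition entries")
    for p in used:
        if p["status"] not in (0x00, 0x80):   # only 'inactive' and 'bootable' are valid
            findings.append(f"invalid status byte 0x{p['status']:02x}")
        if p["sectors"] == 0:
            findings.append(f"zero-length partition of type 0x{p['type']:02x}")
    if not any(mbr[:PT_OFFSET]):
        findings.append("boot code region is all zeros")
    return findings


def build_intact_mbr() -> bytes:
    """Constructed minimal MBR: a boot stub, one bootable NTFS partition, valid signature."""
    mbr = bytearray(MBR_SIZE)
    mbr[0:3] = b"\x33\xc0\x8e"                       # start of a typical boot stub
    mbr[PT_OFFSET:PT_OFFSET + 16] = struct.pack(
        "<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    mbr[SIG_OFFSET:SIG_OFFSET + 2] = b"\x55\xaa"
    return bytes(mbr)


def build_wiped_mbr() -> bytes:
    """Constructed stand-in for a sector overwritten with filler bytes."""
    return b"\x41" * MBR_SIZE


if __name__ == "__main__":
    for label, sector in (("intact", build_intact_mbr()), ("wiped", build_wiped_mbr())):
        print(label, check_mbr(sector) or "looks intact")
```

To run this against a live host, read the first 512 bytes of the physical disk (administrator rights are needed; `\\.\PhysicalDrive0` on Windows, `/dev/sda` on Linux) and pass them to `check_mbr`. Structural checks catch the garbage a wiper writes, but a stronger control is to baseline a hash of the known-good MBR and alert on any change, since a sector can be overwritten with plausible-looking bytes.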

Shamoon was initially spotted in 2012, when it was used to attack Saudi Aramco, an oil company based in Saudi Arabia. It affected 35,000 machines, and it took almost a week to get them up and running again. In November 2016 a new variant, dubbed Shamoon 2, was observed. It was used to attack another Saudi Arabia-based firm and was set to wipe their systems on November 17th.

Image: System unable to find an OS after the MBR changes | Palo Alto Networks

A second Shamoon 2 occurrence, also from November and also targeting Saudi Arabia, was spotted by security researchers at Palo Alto Networks. Significantly, as the researchers noted, this second sample contained hardcoded account credentials belonging to the victim organization, a behavior that had not been observed in the previous Shamoon 2 sample.

Because those credentials comply with the Windows password complexity requirements, the researchers reasonably infer that an earlier, as-yet-unknown attack, similar to the November 17th one, was used to capture the usernames and passwords for the latest attack: passwords that satisfy the policy are unlikely to be successful blind guesses.
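The inference above rests on the rules of the Windows "Password must meet complexity requirements" policy: at least six characters, characters from at least three of five classes (uppercase, lowercase, base-10 digits, non-alphanumeric, and alphabetic characters that are neither case, such as CJK), and no occurrence of the account name or of any full-name token of three or more characters. The following is an added example, not code from the article or the Palo Alto report, implementing those rules so a responder can triage a recovered credential list; the sample credentials are constructed placeholders, not the ones found in the malware.

```python
"""Check passwords against the rules of the Windows 'Password must meet
complexity requirements' policy. Added example, not from the article or the
Palo Alto report; the sample credentials are constructed placeholders and are
not the ones found in the malware."""
import re

DIGITS = set("0123456789")
NAME_DELIMS = re.compile(r"[,\.\-_ #\t]+")   # delimiters Windows uses to split the full name


def character_classes(password: str) -> set:
    """Return which of the five Windows character classes the password uses."""
    classes = set()
    for ch in password:
        if ch.isupper():
            classes.add("upper")
        elif ch.islower():
            classes.add("lower")
        elif ch in DIGITS:
            classes.add("digit")
        elif ch.isalpha():
            classes.add("other_alpha")   # alphabetic, but neither case (e.g. CJK)
        else:
            classes.add("special")       # everything non-alphanumeric, space included
    return classes


def meets_windows_complexity(password: str, account_name: str = "", full_name: str = "") -> bool:
    """Apply the policy: >= 6 characters, >= 3 of 5 classes, and no account-name
    or full-name tokens of three or more characters (case-insensitive)."""
    if len(password) < 6:
        return False
    if len(character_classes(password)) < 3:
        return False
    lowered = password.lower()
    if len(account_name) >= 3 and account_name.lower() in lowered:
        return False
    for token in NAME_DELIMS.split(full_name):
        if len(token) >= 3 and token.lower() in lowered:
            return False
    return True


def audit_credentials(creds) -> dict:
    """Map each account name to whether its password would pass the policy.
    creds is an iterable of (account_name, full_name, password) tuples."""
    return {acct: meets_windows_complexity(pwd, acct, name) for acct, name, pwd in creds}


# Constructed sample set: a too-short default, a dictionary-style password, one
# containing the account name, one containing a full-name token, and two that
# satisfy the policy (the last using a third class via CJK characters).
SAMPLE_CREDS = [
    ("admin", "", "admin"),
    ("jsmith", "John Smith", "password1"),
    ("vdiadmin", "", "Vdiadmin2016!"),
    ("jdoe", "Jane Doe", "Doe#2016!!"),
    ("svc_vdi", "VDI Service", "Tr0ub4dor&3"),
    ("lwang", "Li Wang", "漢字abc12"),
]

if __name__ == "__main__":
    for acct, ok in audit_credentials(SAMPLE_CREDS).items():
        print(f"{acct:10s} {'meets' if ok else 'fails'} complexity")
```

A credential dump in which every entry passes this check is, by itself, evidence that the passwords were harvested rather than guessed, which is the argument the researchers make; defaults copied from vendor documentation are a separate case, since a documented default can satisfy the policy and still be guessable.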

The updated Shamoon also includes administrator account credentials that appear in the official documentation for Huawei's desktop virtualization products, such as FusionCloud, which are used to build a virtual desktop infrastructure (VDI). Such virtual systems offer a degree of protection against malware like Shamoon: VDI snapshots and backups taken before a machine is wiped can be used to restore it.

The target organization may have used these credentials to set up their Huawei VDI systems. The attackers almost certainly included them to increase the impact of the attack by disabling the protection the VDI snapshots provide. However, it is hard to tell whether the attackers carried out a previous attack to obtain the credentials or simply included the vendor's documented defaults as password guesses.

Moreover, the researchers do not know the medium used to spread the malware, which had been scheduled to wipe the systems on November 29th at 1:30 am Saudi Arabia local time. At that hour few if any staff would have been on the premises, which lengthens the time before the attack is discovered and narrows the window for any possible remedy.
