Hunting of new Shamoon infections

Christian Beek published an article “Analysis of new Shamoon infections”. Shamoon – a malaware that appears to come back to the stage after a four-malware holiday. Shamoon was originally discovered about four years ago as a result of the attacks against the Saudi Aramco oil company. His intention was to destroy thousands of computers.

The article Christiaan Beek made Shamoon analysis. He demonstrated how the infection of the target PC. The computer owner will receive an email with an attached document. When you try to open a document starts macroscript that runs PowerShell script by which the target computer to download malicious software. The article shows the fragments PowerShell script, specify a location within the computer’s memory where the system and writes a temporary file. In addition, all as shown in File locations & file names that allow the researcher to identify that the computer been just such an attack. Also, the author of the article indicated Interesting strings in code-samples that can be used to identify and PowerShell script.

More.