Friday, October 12, 2012

Shamoon virus outbreak in Middle East prompts warnings to companies from Panetta; could it spread to home users?

A large number of computers in Saudi Arabia owned by Aramco, and in Qatar owned by Ras Gas, have been infected and rendered “inoperable” by a virus called Shamoon, as in this Sept. 25 story by Summer Said of Dow Jones in the Gulf Times, link.

Leon Panetta has warned that similar attacks could compromise railroads or power companies in the US, as in this story on p. A5 of the Oct. 12 Washington Post, link here.

It still is hard to believe that components of critical infrastructure would be accessible through the public Internet.  Some infections might have been introduced by flash drives.

Panetta has called Shamoon the most destructive virus yet for the private sector; Reuters story here.

It’s not immediately apparent whether it could impact ordinary users, or how a home user could encounter it. It appears capable of both acting as spyware and destroying data.

But Kaspersky’s Dmitri Tarakanov has a detailed technical discussion on how Shamoon works, here

So it’s fair to say that data signature files from major vendors (including Kaspersky) have been updated for this threat, and that cloud-based services (Webroot SecureAnywhere) would recognize it.

The virus is reported to have major bugs and appears to have come from a hacktivist group rather than a state. One of its payloads is a small piece of an image of flag-burning. There is some mention of the idea that this virus or a similar one can affect both Windows and Unix-based systems.

There is some similarity between Shamoon and Wiper, which shut down some businesses in Iran last spring.

Effective cyberwarfare against the US and the West (not including the use of crude DoS attacks) assumes access to critical infrastructure from the public Internet in most cases, and this should be relatively easy to stop. Much more grave threats could come from EMP weapons, which can be small and non-nuclear and can affect significant areas even from the ground. The US Army has and uses these weapons in Afghanistan (and used them in Iraq) now, so conceivably they could fall into the wrong hands or be crudely duplicated.

The New York Times is also reporting on Panetta's remarks big time Friday morning.
