Shamoon Disk Wiper Malware returns

The Shamoon (or Disttrack) worm is a wiper. It is known to overwrite files stored on the affected system and to infect its master boot record (MBR). Its first iteration overwrites documents, pictures, videos, and music files, wipes the MBR, and replaces it with an image of a burning flag.

It can overwrite the infected system’s disk with random data. The wiper is dropped and executed in the system folder as %System%\{wiper name} and can take any of the following names:

_tdibth.exe
_wialx002.exe
acpipmi2z.exe
af0038bdax.exe
arcx6u0.exe
averfix2h826d_noaverir.exe
hidirkbdmvs2.exe
mdamx_5560.exe
mdmgcs_8.exe
mdmusrk1g5.exe
megasasop.exe
netbxndxlg2.exe
prncaz90x.exe
prngt6_4.exe
prnlx00ctl.exe
prnsv0_56.exe
tsprint_ibv.exe
vsmxraid.exe
wiacnt7001.exe

Shamoon spreads by dropping copies of itself in the system’s administrative shares. It propagates through these shared network/administrative folders: ADMIN$, C$\WINDOWS, D$\WINDOWS, and E$\WINDOWS.
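Both indicators above (a listed wiper name in the system folder, and an executable written to one of the listed shares) can be checked against file-creation telemetry. The following is an added example, not part of the original post: the events are constructed, `classify`, `scan`, `SYSTEM_DIR` and `EXECUTABLE_EXT` are illustrative names, and %System% is assumed to be C:\Windows\System32.

```python
import ntpath

# Wiper component names listed on this page.
WIPER_NAMES = frozenset({
    "_tdibth.exe", "_wialx002.exe", "acpipmi2z.exe", "af0038bdax.exe",
    "arcx6u0.exe", "averfix2h826d_noaverir.exe", "hidirkbdmvs2.exe",
    "mdamx_5560.exe", "mdmgcs_8.exe", "mdmusrk1g5.exe", "megasasop.exe",
    "netbxndxlg2.exe", "prncaz90x.exe", "prngt6_4.exe", "prnlx00ctl.exe",
    "prnsv0_56.exe", "tsprint_ibv.exe", "vsmxraid.exe", "wiacnt7001.exe",
})
# Share folders the page names as propagation targets.
SHARE_TARGETS = ("admin$", "c$\\windows", "d$\\windows", "e$\\windows")
# Assumptions: default system folder, and which extensions count as executable.
SYSTEM_DIR = "c:\\windows\\system32"
EXECUTABLE_EXT = (".exe", ".dll", ".sys")


def classify(path):
    """Return the reasons (possibly none) a created file path is suspicious."""
    p = ntpath.normpath(path.strip().replace("/", "\\")).lower()
    folder, name = ntpath.split(p)
    reasons = []
    if folder == SYSTEM_DIR and name in WIPER_NAMES:
        reasons.append("wiper-name-in-system-folder")
    if p.startswith("\\\\"):  # UNC path: \\host\share\...
        rest = p.lstrip("\\").partition("\\")[2]  # drop the host name
        on_target = any(rest == t or rest.startswith(t + "\\") for t in SHARE_TARGETS)
        # Legitimate remote-admin tooling also writes here: a triage signal.
        if on_target and name.endswith(EXECUTABLE_EXT):
            reasons.append("executable-dropped-on-admin-share")
    return reasons


def scan(events):
    """events: iterable of (source_host, created_path) -> list of findings."""
    return [(h, p, r) for h, p in events if (r := classify(p))]


# Constructed sample events (host names and non-listed file names are made up).
SAMPLE = [
    ("WS-014", r"C:\Windows\System32\netbxndxlg2.exe"),
    ("WS-014", r"\\FS-01\ADMIN$\svc_update.exe"),
    ("WS-014", r"\\FS-02\D$\WINDOWS\svc_update.exe"),
    ("WS-020", r"\\FS-01\Public\report.docx"),
    ("WS-020", r"C:\Users\dev\Downloads\megasasop.exe"),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

One host writing executables to the administrative shares of several machines in a short window is the pattern worth escalating; a single hit on a share is common during normal software deployment.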

Users should patch and update their systems to prevent vulnerabilities from being exploited. Regularly back up important data to mitigate damage. Employ multilayered security mechanisms such as application control, firewalls, and intrusion prevention and detection systems. We recommend using Max Total Security, which provides all of these features.
