Disk-Wiping Shamoon Malware Currently with Virtual Desktop Destruction Capability

According to researchers, one fresh strain of Shamoon the malware which wiped disks and was first used to attack the state-owned oil enterprise of Saudi Arabia during 2012, now features an additional capability for destructing virtual desktops.

Shamoon's foremost assault was during 2012 on a company in Saudi Arabia and the second only in 2016. In these assaults, the aim was to wholly erase data from computers. But, the latest third discovery seeks for destructing virtual machines and simultaneously erasing hard drives.

The current assault had the hackers steal usernames and passwords in the formal Huawei records. Digitaltrends.com posted this, January 10, 2017.

Falcone reports that solutions for Virtual Desktop Infrastructure are developed for
protecting against Disttrack an extremely harmful malware via loading wiped computers' snapshots. Because the Shamoon hackers obtained the associated usernames and passwords it shows the purpose of their hack was for acquiring admission into these technologies that organizations targeted used so their damaging assault made an increasing effect.

The official documents contain many of the user ids as well as passwords in the form of administrator A/Cs for the virtualized desktop solutions of Huawei like FusionCloud. It's yet not certain with the researchers whether Shamoon hackers acquired the said usernames and passwords during one previous assault against the attacked network alternatively used the default credentials for cracking the login particulars for the virtual desktop infrastructure.

Falcone stated that using genuine, default alternatively stolen credentials to target VDI solutions suggested a heightening of tactics which administrators required knowing while adopting urgent measures for assessing and dealing with them.

The researchers discovered sixteen A/C credentials in the most recent Disttrack malicious program which consist of administrator and user accounts. Further, the existence of the user ids and passwords inside Huawei's documents indicated to the researchers that the companies just utilized those default credentials rather than construct fresh ones.

The new Shamoon variant would start overwriting computers in the morning at 1:30am on 29th November 2016. It's the same time when earlier Shamoon variants tried making their destructive outcome the maximum via hitting the targeted company when the latter's resources and personnel would be fewer.

» SPAMfighter News - 1/16/2017