NEWS - August 22, 2012
by Carol~ - 8/22/12 6:49 AM
Mystery malware that targeted energy group contains amateur coding goof
"The date-comparison bug is further evidence that Shamoon isn't state sponsored."
The mystery malware that recently wreaked havoc on energy sector computers contains an amateur programming error that's not typical of state-sponsored attacks, security researchers said.
The flaw, which was reported in a blog post published on Tuesday by researchers from Russia-based Kaspersky Lab, was found in "Shamoon," a piece of malware that wipes data from infected computers and also prevents them from booting up. It struck computers in at least one organization tied to the energy industry. After the word "wiper" was found embedded in the underlying binary, some researchers questioned whether the malware was linked to an earlier attack by that name that was used to destroy data belonging to Iran's oil ministry.
Kaspersky researchers later dismissed those suspicions after finding significant differences in the way the two pieces of malware behaved. Kaspersky's post on Tuesday introduced yet more evidence that Shamoon wasn't state sponsored: a programming routine that fails to accurately determine if a specified date has come.
Continued: http://arstechnica.com/security/2012/08/mystery-malware-amateur-coding-error/
Related: Flaws in Shamoon Malware Reinforce Theory It's Not A Wiper Variant