From Wikipedia, the free encyclopedia
Jump to: navigation, search
For the actor, see Shamoon Abbasi.

Shamoon,[a] also known as Disttrack, is a modular computer virus discovered by Seculert[1] in 2012, targeting recent NT kernel-based versions of Microsoft Windows. The virus has been used for cyber espionage in the energy sector.[2][3][4] Its discovery was announced on 16 August 2012 by Symantec,[3] Kaspersky Lab,[5] and Seculert.[6] Similarities have been highlighted by Kaspersky Lab and Seculert between Shamoon and the Flame malware.[5][6]

The virus has been noted to have behaviour differing from other malware attacks, intended for cyber espionage.[7] Shamoon can spread from an infected machine to other computers on the network. Once a system is infected, the virus continues to compile a list of files from specific locations on the system, upload them to the attacker, and erase them. Finally the virus overwrites the master boot record of the infected computer, making it unbootable.[3]

The virus has hit companies within the oil and energy sectors.[2][4] A group named "Cutting Sword of Justice" claimed responsibility for an attack on 35,000 Saudi Aramco workstations, causing the company to spend a week restoring their services.[8] The group later indicated that the Shamoon virus had been used in the attack.[9] Computer systems at RasGas were also knocked offline by an unidentified computer virus, with some security experts attributing the damage to Shamoon.[10]

Shamoon made a surprise comeback in November 2016 according to Symantec.[11] Latest update new attack on 23Jan2017[12]

See also[edit]


  1. ^ "Shamoon" is part of a directory string found in the virus' Wiper component.


  1. ^ Kutty, Darpana (18 September 2012). "Seculert: 'Shamoon' malware covers its tracks by crippling infected systems after stealing data". TopNews Network. Retrieved 25 March 2014. 
  2. ^ a b "Shamoon virus attacks Saudi oil company". Digital Journal. 18 August 2012. Retrieved 19 August 2012. 
  3. ^ a b c "The Shamoon Attacks". Symantec. 16 August 2012. Retrieved 19 August 2012. 
  4. ^ a b "Shamoon virus targets energy sector infrastructure". BBC News. 17 August 2012. Retrieved 19 August 2012. 
  5. ^ a b "Shamoon the Wiper — Copycats at Work". 16 August 2012. Retrieved 19 August 2012. 
  6. ^ a b "Shamoon, a two-stage targeted attack". Seculert. 16 August 2012. Retrieved 19 August 2012. 
  7. ^ "Exhibitionist Shamoon virus blows PCs' minds". The Register. 17 August 2012. Retrieved 19 August 2012. 
  8. ^ Perloth, Nicole (October 24, 2012). "Cyberattack On Saudi Firm Disquiets U.S.". The New York Times. pp. A1. Retrieved October 24, 2012. 
  9. ^ "Virus knocks out computers at Qatari gas firm RasGas". CNET. 30 August 2012. Retrieved 1 September 2012. 
  10. ^ "Computer virus hits second energy firm". BBC News. 31 August 2012. Retrieved 1 September 2012. 
  11. ^ "Shamoon: Back from the dead and destructive as ever". Symantec. 30 November 2016. Retrieved 6 December 2016. 
  12. ^ "Saudi Arabia warns on cyber defense as Shamoon resurfaces". Reuters. 23 January 2017. Retrieved 26 January 2017.