paint-brush
Shamoon: The Modular Computer Virus Created in 2012 to Attack Big Oilby@tyler775
162 reads

Shamoon: The Modular Computer Virus Created in 2012 to Attack Big Oil

by Tyler Mc.July 15th, 2023
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

There was a computer virus that was created back in the year [2012] that was known as Shamoon or W32.DistTrack. This particular computer virus was literally created to target 32-bit NT kernel versions of the Microsoft Windows operating system - hence why the more technical name includes ‘W32’ This virus was particularly notable because it would be able to spread to other computers on a network.
featured image - Shamoon: The Modular Computer Virus Created in 2012 to Attack Big Oil
Tyler Mc. HackerNoon profile picture

There was a computer virus that was created back in the year 2012 that was known as Shamoon or W32.DistTrack if you want to go with the technical name. What does this particular computer virus do to systems in order to try and cause some damage?


Well, this particular computer virus was literally created to target 32-bit NT kernel versions of the Microsoft Windows operating system - hence why the more technical name includes ‘W32.’


This virus was particularly notable because it would not just attack the operating system, but it would be able to spread to other computers on a network.


Once a system is infected by this particular computer virus, the virus continues to compile a list of files from specific locations on the system, upload the list to the attacker, and then erases a lot of the files mentioned.


In fact, this particular virus is interesting because it was designed specifically to erase and overwrite data that is stored on the hard drives of the computers it infects with corrupted images.


This particular virus also has a logic bomb that would trigger at a particular time that was designed to have the malware trigger.


The virus was originally created for attacks against national oil companies including Saudi Arabia’s Saudi Aramco and Qatar’s RasGas by hackers who targeted the Saudi government & provided this message during the attack:


We, behalf of an anti-oppression hacker group that have been fed up of crimes and atrocities taking place in various countries around the world, especially in the neighboring countries such as Syria, Bahrain, Yemen, Lebanon, Egypt and ..., and also of dual approach of the world community to these nations, want to hit the main supporters of these disasters by this action.


One of the main supporters of this disasters [sic] is Al-Saud corrupt regime that sponsors such oppressive measures by using Muslims oil resources. Al-Saud is a partner in committing these crimes.


It's [sic] hands are infected with the blood of innocent children and people. In the first step, an action was performed against Aramco company, as the largest financial source for Al-Saud regime.


In this step, we penetrated a system of Aramco company by using the hacked systems in several countries and then sent a malicious virus to destroy thirty thousand computers networked in this company.


The destruction operations began on Wednesday, Aug 15, 2012 at 11:08 AM (Local time in Saudi Arabia) and will be completed within a few hours.


Then there was a message that references a portion of the malware and how it was able to mess with the systems in various ways:


mon 29th aug, good day, SHN/AMOO/lib/pr/~/reversed

We think it's funny and weird that there are no news coming out from Saudi Aramco regarding Saturday's night. well, we expect that but just to make it more clear and prove that we're done with we promised, just read the following facts -valuable ones- about the company's systems:


  • internet service routers are three and their info as follows:


Core router: SA-AR-CO-1# password (telnet): c1sc0p@ss-ar-cr-tl / (enable): c1sc0p@ss-ar-cr-bl Backup router: SA-AR-CO-3# password (telnet): c1sc0p@ss-ar-bk-tl / (enable): c1sc0p@ss-ar-bk-bl Middle router: SA-AR-CO-2# password (telnet): c1sc0p@ss-ar-st-tl / (enable): c1sc0p@ss-ar-st-bl


  • Khalid A. Al-Falih, CEO, email info as follows:

[email protected] password:kal@ram@sa1960

  • security appliances used:

Cisco ASA # McAfee # FireEye : default passwords for all!!!!!!!!!! We think and truly believe that our mission is done and we need no more time to waste. I guess it's time for SA to yell and release something to the public. however, silence is no solution.


I hope you enjoyed that. and wait our final paste regarding SHN/AMOO/lib/pr/~

angry internet lovers #SH