As we reported a few days ago, Shamoon is a new trojan malware that has the ability to take control of a computer and then infect the MBR. However, from a full study, it does not appear to be as “up-to-speed” as researchers thought.
ThreatPost reports on the issues: “Some clumsy coding discovered during an analysis of the Shamoon malware has led researchers to conclude that it is probably not related to the Wiper malware that hit some Iranian networks recently and likely isn’t the work of serious programmers.”
“This error indirectly confirms our initial conclusion that the Shamoon malware is not the Wiper malware that attacked Iranian systems,” wrote Kaspersky Lab researcher Dmitry Tarakanov in a Securelist post.
Instead, researchers are seeing that the Shamoon malware only steals data from the machine, before infecting the MBR. Some consider the work of Shamoon malware, like we also do, the work of a skiddie.
Also, it seems the malware is misbehaved, because it relies on a Windows Service, set to Start and Run Automatic. If the Service is stopped, half the malware doesn’t work. This kind of peculiar sense shows that this Shamoon malware may just be a test of the abilities of the hacker, and could possibly lead to other complicative malware.
As usual, stay tuned here for more updates in the future on the Shamoon malware.