'Shamoon' Spyware Searches, Then Destroys
16 Aug 2012
By: Paul Wagenseil, NBC News
A nasty new piece of malware has been discovered in the Middle East targeting energy companies. Unlike Stuxnet, Duqu or Flame, which stalked the same ground, this one's purely, strangely destructive.
Dubbed "Shamoon" after a filename found in its code, the spyware infects all the computers in an internal network, then effectively erases them — but not before collecting the names of the files it's overwritten and sending them out to an unknown command-and-control server.
It may have already hit Saudi Aramco, Saudi Arabia's state-owned oil-production company, which said Wednesday that it had shut down its main computer systems after an unspecified malware intrusion.