Symantec Security Response - New Targeted Attacks Aims to Destroy Rather than Steal

Dubbed The Shamoon Attacks, W32.Disttrack is a new threat that is being used in specific targeted attacks against at least one organization in the energy sector. It is a destructive malware that corrupts files on a compromised computer and overwrites the MBR (Master Boot Record) in an effort to render a computer unusable.

W32.Disttrack consists of several components:

  1. Dropper—the main component and source of the original infection. It drops a number of other modules.
  2. Wiper—this module is responsible for the destructive functionality of the threat.
  3. Reporter—this module is responsible for reporting infection information back to the attacker.

Threats with such destructive payloads are unusual and are not typical of targeted attacks. Symantec Security Response is continuing to analyze this threat and will post more information as it becomes available. Symantec customers are protected from this threat, which our security products detect as W32.Disttrack.

The malware also has a suicide function that results in the malware removing itself after it has accomplished its purpose.

More details.