Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Malware Used in Aramco Attack Likely Work of Amateurs

Unknown Lamer posted about 2 years ago | from the insult-injury dept.

Security 18

wiredmikey writes with this excerpt from Security Week: "The Disttrack/Shamoon malware, while destructive, appears to be the work of amateurs and not elite and sophisticated developers, according to the latest analysis. The malware proved that it was possible for developers to subvert legitimate kernel-mode applications for malicious purposes, but it appears that the malware could have been even more destructive and dangerous, if it had not been for a series of programming mistakes in the code, according to recent analysis from Kaspersky Lab. Other suggestions that the developers behind the Shamoon malware are not high-profile programmers include that the command-and-control server is hard-coded as two addresses, which limits the tool since if the address ever changes, the infected machine can no longer receive instructions. The developers were most likely motivated by political reasons, as the malware overwrote existing files with a fragment of an image of a burning American flag. The Malware has also been reported to be linked to the recent Saudi Aramco attack, which some reports have suggested that insiders may have been partly involved. Saudi Aramco hasn't officially said what type of malware hit its systems."

cancel ×


Sorry! There are no comments related to the filter you selected.

Heh (0)

niix (839104) | about 2 years ago | (#41312945)


Footlong Brown Snake (-1)

Anonymous Coward | about 2 years ago | (#41312973)

I just dropped a footlong brownsnake on your momma's chest, and she gobbled it down, peanuts and all.

Re:Footlong Brown Snake (-1)

Anonymous Coward | about 2 years ago | (#41313193)

I just popped my footlong trwsersnake up you momma's twat right after I dumpped a metric quart of sticky cum on your little brother's face.

Re:Heh (0)

Anonymous Coward | about 2 years ago | (#41317729)


But which OS did this malware run on?

What gave it away? (1)

puddingebola (2036796) | about 2 years ago | (#41312979)

Was it the part where it launched Space Invaders?

Re:What gave it away? (0)

Anonymous Coward | about 2 years ago | (#41313039)

This and so many other answers await you in... the summary.

Patch MotherFuckers, Patch ...NO, WAIT! (-1)

Anonymous Coward | about 2 years ago | (#41313007)

No one MADE you read this so go away if you are a tardolamomotherfucker.

It's iPhone 5 and iPad 3 DAY to-day! Fuck the patches! Full speed ahead, and may God bless or fucking souls motherfuckers!

The culprit (0)

Psicopatico (1005433) | about 2 years ago | (#41313459)

"It compiles. Ship it!"

Re:The culprit (1)

kelemvor4 (1980226) | about 2 years ago | (#41314041)

"It compiles. Ship it!"

No, the summary clearly indicates that this code was written by amateurs rather than professionals.

Mmmmmm...Mustamova (1)

Impy the Impiuos Imp (442658) | about 2 years ago | (#41313605)

> The Disttrack/Shamoon malware, while
> destructive,appears to be the work of
> amateurs and not elite and sophisticated
> developers's the work of extremely elite developers. Now that the cat's out of the bag that the major powers are actively engaged in cyber warfare...

Re:Mmmmmm...Mustamova (1)

Gilmoure (18428) | about 2 years ago | (#41313881)

Wiait, did they or did they not have accredited degrees in Hacking and/or Cracking and were they licensed contractors with the state?

Re:Mmmmmm...Mustamova (0)

Anonymous Coward | about 2 years ago | (#41315279)

Or it could be the work of anybody more sophisticated than they appear to be, and they made themselves look less sophisticated than they are.

Given the general domain, it's hard to say.

Similarly for motive. Anybody can include a political message.

In my uneducated opinion, the original article by Tarakonov is informative for its technical details.

But the conclusions about the Shamoon developer(s) depends on assumption.

Learn from mistakes (1)

Mr10001 (1686378) | about 2 years ago | (#41313871)

It's great to know they made mistakes, however... now they can learn from them?

Shomer Shabbos! (0)

Anonymous Coward | about 2 years ago | (#41314175)

They're a bunch of goddamn amateurs, Dude!

Re:Shomer Shabbos! (0)

Anonymous Coward | about 2 years ago | (#41314749)

shut the fuck up donnie!

If I were NSA (0)

Anonymous Coward | about 2 years ago | (#41316217)

If I were an NSA "malware author" and I wanted to blame the attack on someone else (false flag) how better than to make parts of the code look amateurish? Throw in an image of a burning American flag for good measure.

Not that I think the U.S. government had anything to do with this particular attack (it doesn't make political sense), but trying to track down authors of malware code is guess work at best.

Forwarded email to Dmitry Tarakanov (1)

tlambert (566799) | about 2 years ago | (#41316433)

Hi Dmitry! Thanks for the great code review! If you could please look at the new patches we've put up on github, and sign off on them, then the changes can make next Monday's release!

Seriously, how stupid is publishing this stuff?

Work of Amateurs? (0)

Anonymous Coward | about 2 years ago | (#41317311)

Well! We amateur radio operator are sometimes accused of causing television interference, but to accuse us of writing malware is really too much!

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>