If your Windows-based computer suddenly won't boot up, it could be the work of malware that deletes the contents of your computer -- farewell, documents, pictures, and videos -- and then prevents reboot.
Just spotted in the wild, it's being called either Disttrack (McAfee's name) or the Shamoon attacks (Symantec's), and researchers say it's notable because it's been a long while since they've noticed malware going to such lengths to truly make someone's life miserable in this way by deleting personal files.
[ Security expert Roger A. Grimes offers a guided tour of the latest threats and explains what you can do to stop them in "Fight Today's Malware," InfoWorld's Shop Talk video. | Keep up with key security issues with InfoWorld's Security Adviser blog and Security Central newsletter. ]
IN THE NEWS: Tech Bullies Behaving Badly
"Ten years ago we used to see purely malicious threats like this," muses Symantec researcher Liam O Murchu. He said there's some uncertainty at this point about exactly how the malware spreads -- it's an executable, so it could likely arrive as an email attachment that when opened infects a vulnerable computer -- but one thing is certain: If your computer gets hit and you can't reboot, you have a real problem. So far, there's some indication that Shamoon may be part of a targeted attack against the energy sector companies.
"It can be difficult getting anything working again," O Murchu says about what happens when a Shamoon attack hits a computer. The likely scenario for the victim would be an experience in which the computer is booting up, but all the files get erased, and the computer collapses into a non-bootable state. In that event, it would probably require the help of IT professionals with experience in recovery services to get things going again, perhaps by replacing the master boot record, or connecting the hard drive to another computer to use it to access the damaged one, he adds.
So far, though, Shamoon -- Symantec calls it that because of strings found in the malware folders saying that, as well as "Arabian Gulf" -- doesn't appear to be something that's being blasted out to a very wide audience. In fact, Shamoon malware seems to be aimed at very specific targets.
"It may be targeted at particular companies," says O Murchu. At this point, Symantec thinks it's possible that oil companies in the energy sector could be intended targets of Shamoon.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE. Email: firstname.lastname@example.org.
Read more about wide area network in Network World's Wide Area Network section.
This story, "'Shamoon' Windows malware deletes computer contents, prevents reboot" was originally published by Network World.