Mystery malware wreaks havoc on energy sector computers

Mystery malware wreaks havoc on energy sector computers

arstechnica.com

Malware researchers have uncovered an attack targeting an organization in the energy industry that attempts to wreak havoc by permanently wiping data from an infected computer's hard drive and rendering the machine unusable.

(visit the link for the full news article)

The article comments say a lot in context of the fact the system driver in use is signed by a British based company with Russian ties...

Is it possible the artifacts in this malware are spoofed? Instead of being the work of simply the AYG, could it also be sponsored by another group? Nation state?



arstechnica.com
(visit the link for the full news article)

Iran striking back? I hope they make one that plays the iranian equivalent of nsync. They must have #ty music too....lmao

Originally posted by HunkaHunka
The article comments say a lot in context of the fact the system driver in use is signed by a British based company with Russian ties...

Digital certificates and keys can be stolen, when the theft is discovered such certificates are usually revoked and become invalid. It might have been anyone inside or outside who got hold of the keys and decided to sell it or maybe even intentionally stole those in order to sign already made malware. It's not that difficult to steal one but once found the malware becomes less effective and has to be signed again or even completely rewritten if AV companies have found the code. So the company might not have anything to do with it.

Security has become a bigger issue over the years but still there are many systems administrators out there who don't think security is very important or just can't do much about it because the company doesn't care and doesn't want to invest for a possible disaster which might never happen. I've seen a lot of people with company phones and laptops who don't have AV or it's there but not running, or outdated virus definitions, no automatic updating of the os, no firewall, bluetooth always on, users having admin rights, emailing passwords unencrypted, downloading all kinds of toolbars or just plain surfin for porn and getting their computers infected with all kinds of stuff.

It doesn't seem to be that "respected". They credit it to script kiddies. It also doesn't spy and report back. Just wipes data. Also it only infected about 50 computers the article said, so , I am guessing a copycat.

I would guess that this is just a strike back for the malware sent to Iran.

More info and comments here: www.abovetopsecret.com...

(FYI)

Au Contraire this vrua does report back......(its report is detaled in the article)
Is there some way of tracng hat report to the culprits? or is it too deeply buried in the webs annaonymous features?
I begin to think that we are about to destroy the Internet with all this crap.......how much more of it will arise in the next decade and how sophostivcated will it get?
Somehow, i think the Security companies (lke Kasperski et al,) have a hand in making these things too.....
Its good business for them is it not?

Consider this....malware can be placed in any piece of electronics that has a circuit board installed. It can be done by a manufacturer before it ever leaves the plant. Now stop and think about where most circuit boards are manufactured.....



Light bulbs, anyone??? *grin*