-
pdonyina
at May 06, 2016
The malware writer used "%S%S%d.%s" with an uppercase "S". This causes a "sprintf" function failure, and no full path string is created.
-
pdonyina
at May 06, 2016
It exploits legitimate signed drivers of Eldos’ software RawDisk. At first they thought that it was done for rewriting purposes, but Windows 7 gives standard user access without the need for a signed third-party driver.
-
pdonyina
at May 06, 2016
Shamoon needs to run with administrator privileges anyway, so the coding seems pointless.
-
jpnick99
at June 13, 2016
Interesting breakdown of this virus. I was unaware of the destructive nature of the virus, especially as it wrote JPEGs over any deleted files to basically wipe out any chance of recovery. I find it interesting that the DOD forbade using thumb drives on government computers around the time this virus came out.
-
sbudd4
at July 04, 2016
Interesting to hear that the virus leveraged commercial off-the-shelf software. Would also be curious to know how influential the impact of Shamoon was on government agencies implementing more robust insider threat programs.