pdonyina at May 06, 2016 The malware writer used "%S%S%d.%s" with an uppercase "S". This causes a "sprintf" function failure and no full path string is created.
pdonyina at May 06, 2016 It exploits legitimate signed drivers of Eldos’ software RawDisk. At first they thought that it was done for rewriting purposes, but Windows 7 gives standard user access without the need for a signed third-party driver.
pdonyina at May 06, 2016 Shamoon needs to run with administrator privileges anyway, so the coding seems pointless.
jpnick99 at June 13, 2016 Interesting breakdown on this virus. I was unaware of the destructive nature of the virus, especially as it wrote JPEGs over any deleted files to basically wipe out any chance of recovery. I find it interesting the DOD forbade using thumb drives on government computers around the time this virus came out.
sbudd4 at July 04, 2016 Interesting to hear that the virus leveraged commercial off-the-shelf software. Would also be curious to know how influential the impact of Shamoon was on government agencies implementing more robust insider threat programs.