After a two-year absence, the destructive malware Shamoon (W32.Disttrack.B) re-emerged on December 10 in a new wave of attacks against targets in the Middle East. These latest Shamoon attacks are doubly destructive, since they involve a new wiper (Trojan.Filerase) that deletes files from infected computers before the Shamoon malware wipes the master boot record.
News of the attacks first emerged on December 10 when Italian oil services firm Saipem said that it had been hit by a cyber attack against its servers in the Middle East. Two days later, the company said that Shamoon had been used in the attack, which affected between 300 and 400 servers and up to 100 personal computers.
Symantec has found evidence of attacks against two other organizations during the same week, in Saudi Arabia and the United Arab Emirates. Both organizations are involved in the oil and gas industry.