Shamoon malware spawns even nastier 'StoneDrill'

Researchers following up on last November's re-emergent Shamoon malware attacks have found something even nastier. A quartet of Kaspersky researchers say the “StoneDrill” malware sits in a victim's browser, and wipes any physical or logical path accessible with the target user's privileges. Although StoneDrill mostly seeks …

  1. Anonymous Coward

    StoneDrill malware sits in a victim's browser

    How does the StoneDrill malware get into the victim's browser in the first place?

    1. Doctor Syntax Silver badge

      Re: StoneDrill malware sits in a victim's browser

      "How does the StoneDrill malware get into the victim's browser in the first place?"

      Phishing or malvertising.

    2. Destroy All Monsters Silver badge

      Re: StoneDrill malware sits in a victim's browser

      Clicking on stuff?

  2. frank ly

    Mitigation?

    Maybe I should make a 'low-privilege' user for browsing, not just because of StoneDrill but on general principle. I don't like the idea of losing every file that I have access to at this moment. (I do have full backups on a drive in my desk drawer.)

    1. Duncan Macdonald

      Re: Mitigation?

      For effective browser security use a VM running from a Linux live CD ISO. Do not give the VM any persistent storage and restart the VM for each new browser session. If the VM does not have access to any of its host's file system then even the most heavily boobytrapped web site should be unable to cause damage.

      1. sitta_europea Silver badge

        Re: Mitigation?

        Not very good if you want to download a file, or even put a bookmark in your library.

        Far better to run BackupPC on a hardened Linux box on your LAN. That's what I do for my customers. They never lost anything that I couldn't get back for them from a backup.

    2. Destroy All Monsters Silver badge

      Re: Mitigation?

      QubesOS for the win!

  3. Scroticus Canis

    Take it it is Windoze only.

    So Nah nah nan nah nah.
