Shamoon is the name of a new tool, one used by cyber criminals and hackers. Designed to carry-out a specific goal, it belongs with the other tools that make up the newest examples of malware. Like Stuxnet, Duqu, Flame and Gauss, Shamoon is programmed to invade a computer without getting detected.

This new invasive tool differs markedly from the earlier types of malware. Those were things that had been designed to disrupt a computer’s operating system. Today cyber criminals feel unsatisfied with such tools; those troublemakers want something that can go after valuable and specific pieces of information. Armed with Shamoon, a cyber criminal can hope for success, while seeking to unearth a username, password, bank account number or a collection of credit card information.

Shamoon’s ability to invade a computer and retrieve private information relates to the level of control that it can establish. It manages to control the PC that it has invaded. Once in control of a computer, that latest form of malware can introduce spam, conduct a phishing effort or allow the entrance of more malware. Such procedures pave the way for removal of information that was supposed to be stored, away from the prying eyes of others.

The attack conducted by Shamoon has been described as one that is targeted and stealthy. It takes advantage of what those familiar with computer software have come to refer to as zero day flaws. It represents the type of threat that has led to development of the latest cross device security tools.

Because of Shamoon’s ability to take advantage of zero day flaws, it is said to conduct a zero day attack. That means that it exploits the vulnerability of a computer application even before the same computer has become aware of that vulnerability. In other words, Shamoon’s zero day exploit allows a vulnerability to be fully utilized even before knowledge of that same vulnerability becomes public knowledge.

Today, experts in vulnerability management have developed a process that can eliminate a zero day weakness, when it exists within a programmed application. Unfortunately, that process is not one that can be carried out in a short space of time. It involves the completion of four different stages.

During the first stage, the management experts study an analysis. Those men and women examine the ability of any potentially targeted software to conduct a surface analysis. Only software that can properly analyze the surface of a program has the potential to evade the attack provoked by a cyber criminal.

Next the management experts focus on a test. Each of them seeks to determine how well some selected software, something that could be at risk of being the target of a zero day attack, would be able to conduct a procedure called fuzz testing. When management software conducts fuzz testing, then it identifies and prepares itself for specific attack vectors.

The next stage concerns the production of a report. It is not a written report, like a student must give to a teacher, or a salesperson must prepare for a weekly meeting. Instead it concerns the reproduction of possible problems. Those must be reproduced in a form that can be examined by a software developer. That reproduction allows the developer to study the issues that must be addressed, in order to improve the security of an application.

The final stage involves the introduction of means for mitigating the disruptive effects of invasion by a piece of malware. That mitigation must be accomplished through the introduction of an effective means of protection. At the present time, two different approaches are used at once, in order to mitigate the effects of a zero day attack.

One approach is called whitelisting. Whitelisting serves as a means for controlling what happens to a computer’s operating system. It allows only a known and recognized application to access that system.

The other approach is called intrusion-prevention. Its name describes clearly the task completed during the performance of that approach. It cannot be carried-out in the absence of whitelisting; the two approaches work together. Unfortunately, their ability to mitigate the effects of a zero day attack can come at a price. The introduction of those two approaches can make a computer’s operation a bit more restrictive.

That fact points out the need for more research in the area of vulnerability management. Ideally, management of a computer’s vulnerability should not impede its ability to function smoothly. A virus can accomplish that task.

Of course computer viruses seem to be a lot like the viruses studied by biologists. Aided by hackers and cyber criminals, new viruses enter the scene, and seek to harm the operating system in any of the invaded computers. As experts seek to develop a way for dealing with Shamoon, there is sure to be some troublemaker somewhere, who is seeking to improve on the invasive nature of that latest tool.