Malware researchers have uncovered an attack targeting an organization in the energy industry that attempts to wreak havoc by permanently wiping data from an infected computer's hard drive and rendering the machine unusable.

The computer worm, alternately dubbed Shamoon or Disttrack by researchers at rival antivirus providers Symantec and McAfee, contains the string "wiper" in the Windows file directory its developers used while compiling it. Combined with word that it targeted the energy industry, that revelation immediately evoked memories of malware also known as Wiper that reportedly attacked Iran's oil ministry in April and ultimately led to the discovery of the state-sponsored Flame malware.

In a blog post published Thursday, researchers from Russia-based Kaspersky Lab said the file and service names in the original Wiper aren't present in Shamoon. They also noted that Wiper uses a different pattern when destroying disk data. As a result, they said the two pieces of malware are likely not connected.

"It is more likely that this is a copycat, the work of script kiddies inspired by the story," members of Kaspersky's Global Research & Analysis Team wrote. Kaspersky researchers were instrumental in uncovering Flame, which like Stuxnet, Duqu, and Gauss, is highly sophisticated malware believed to have been sponsored by one or more nations to spy on or attack Iran or other countries.

None of the researchers identified the victim or victims of the latest attack except for a brief mention in a blog post by Symantec that said they included "at least one organization in the energy sector." McAfee has published its own report on the malware.

Saudi Arabia-based Saudi Aramco, the world’s largest crude exporter, was reportedly hit by a computer virus this week that entered its network through personal computers, according to Bloomberg News. Additional details about that malware attack weren't available, although the company said parts of its network linked to oil production weren’t affected and its systems will resume full operations soon.

Shamoon is unusual because it goes to great lengths to ensure destroyed data can never be recovered, something that is rarely seen in targeted attacks. It has self-propagation capabilities that allow it to spread from computer to computer using shared network disks. It overwrites disks with a small portion of a JPEG image found on the Internet.

It also uses what appears to be a legitimate system driver to gain low-level access to a hard drive so it can wipe the master boot record Windows machines rely on to boot up. The driver, according to Kaspersky, was digitally signed using the private cryptographic key belonging to a company called EldoS Corporation.

The malware also reports back to the attackers with the number of files destroyed, the IP address of the infected computer, and a random number. A debug path the authors left in the binary shows it was built in the Windows directory C:\Shamoon\ArabianGulf\wiper\release\wiper.pdb. Shamoon could be a reference to the Shamoon College of Engineering in Israel, although that's highly speculative, since Shamoon is the Arabic equivalent of the name Simon, Kaspersky's report said. It's unknown whether "Arabian Gulf" has any connection to the malware attack on Saudi Aramco.
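The two traits the researchers describe, a wiped master boot record and sectors overwritten with a repeated fragment of a JPEG, are what a responder would look for when triaging a disk image from a suspected victim. The following is an added forensic example, not code from the article or from any of the vendor reports it cites; it assumes the fragment begins with the standard JPEG start-of-image marker, and the disk images it inspects are constructed samples.

```python
# MBR layout and the JPEG start-of-image marker are standard format facts.
SECTOR = 512
MBR_SIGNATURE = b"\x55\xaa"   # bytes 510-511 of a valid MBR
JPEG_SOI = b"\xff\xd8\xff"    # every JPEG file begins with this marker


def analyze_mbr(sector: bytes) -> dict:
    """Classify a 512-byte boot sector as intact or apparently wiped."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    has_signature = sector[510:512] == MBR_SIGNATURE
    # Four 16-byte partition entries start at offset 446; the first byte of
    # each is a boot flag that can only be 0x00 or 0x80 in a sane table.
    table_sane = all(sector[446 + 16 * i] in (0x00, 0x80) for i in range(4))
    return {
        "has_boot_signature": has_signature,
        "partition_table_sane": table_sane,
        "jpeg_fragment": sector.startswith(JPEG_SOI),
        "verdict": "intact" if has_signature and table_sane else "wiped_or_damaged",
    }


def overwritten_sectors(image: bytes) -> int:
    """Count sectors that begin with a JPEG start-of-image marker; many such
    sectors in a row is the footprint of a disk filled with one image fragment."""
    return sum(1 for off in range(0, len(image), SECTOR)
               if image[off:off + SECTOR].startswith(JPEG_SOI))


def build_intact_image(sectors: int = 8) -> bytes:
    """Constructed sample: a minimal valid MBR followed by empty sectors."""
    mbr = bytearray(SECTOR)
    mbr[446] = 0x80                 # partition 1 marked bootable
    mbr[446 + 4] = 0x07             # partition type byte: NTFS
    mbr[510:512] = MBR_SIGNATURE
    return bytes(mbr) + bytes(SECTOR * (sectors - 1))


def build_wiped_image(sectors: int = 8) -> bytes:
    """Constructed sample: every sector replaced by the same JPEG fragment."""
    fragment = (JPEG_SOI + b"\xe0\x00\x10JFIF\x00").ljust(SECTOR, b"\x41")
    return fragment * sectors


if __name__ == "__main__":
    for name, img in (("intact", build_intact_image()), ("wiped", build_wiped_image())):
        print(name, analyze_mbr(img[:SECTOR]), "jpeg sectors:", overwritten_sectors(img))
```

On a real image, read the first 512 bytes of the raw device or E01-exported image into `analyze_mbr` and pass the whole image to `overwritten_sectors`; a high count relative to total sectors points to destruction rather than an ordinary boot-sector fault.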

Shamoon was discovered on Thursday and has infected fewer than 50 systems. That's a tiny number, but given its focus on energy companies and its resemblance to software that reportedly targeted Iran's oil ministry, it's worth keeping an eye on.