David_B wrote:

> The attacks, which have been described as a "pre-9/11 moment", used
> a virus called Shamoon which can spread through computer networks
> and overwrite files.

Probably doesn't function correctly under win-98.

The method it uses to over-write the mbr probably doesn't work on a
FAT32 file system.

http://www.securelist.com/en/blog/20...etails_Part_II

=================
The main Shamoon module has a resource PKCS7:113 that maintains an
executable which is saved to disk as %WINDIR%\System32\NETINIT.EXE and
this program poses a module to communicate with CNC.
=================

I can find absolutely no mention anywhere on the net as to how the file
"netinit.exe" is placed and then executed on a comprimised system...

.............

Why does David_B cross-post to alt.politics.scorched-earth?

Why does he not include either alt.comp.virus or alt.comp.anti-virus in
what is obviously a viral-focused subject? Why does he instead post
these to alt.comp.privacy?