<P> Shamoon made a surprise comeback in November 2016 according to Symantec, and it was involved in a new attack on 23 January 2017 . </P> <P> The malware had a logic bomb which triggered the master boot record and data wiping payload at 11: 08 am local time on Wednesday, August, 15 . The attack occurred during the month of Ramadan in 2012 . It would appear that the attack was timed to occur after most staff had gone on holiday reducing the chance of discovery before maximum damage could be caused, hampering recovery . </P> <P> Shamoon uses a number of components to infect computers . The first component is a dropper, which creates a service with the name' NtsSrv' to remain persistent on the infected computer . It spreads across a local network by copying itself on to other computers and will drop additional components to infected computers . The dropper comes in 32 - bit and 64 - bit versions . If the 32 - bit dropper detects a 64 - bit architecture, it will drop the 64 - bit version . The malware also contains a disk wiping component, which utilizes an Eldos - produced driver known as RawDisk to achieve direct user - mode access to a hard drive without using Windows APIs . The component overwrites files with portions of an image; the 2012 attack used an image of a burning U.S. flag, while the 2016 attack used a photo of the body of Alan Kurdi . </P>

Saudi aramco breach(cyber attack) in details