Investers stand in front of the Saudi Aramco logo in 2016. Photo: Fayez Nureldine / AFP via Getty Images.

Shamoon, the rarely seen but destructive malware that was used to wipe Saudi Aramco's servers in 2012, may be back in play, according to Chronicle, Alphabet's cybersecurity arm.

Why it matters: There are only three known times Shamoon variants have been used in the wild (and one of those instances is in dispute), with the Saudi incident the most famous. If the rare malware is back, it's an ominous sign.

Chronicle discovered a file containing Shamoon uploaded to its VirusTotal database. VirusTotal runs free scans on files using major antivirus scanners. The antivirus companies, in return, get access to valuable samples of malware that get uploaded.

  • The new Shamoon was set to detonate on Dec. 7, 2017, at 11:51 pm, but only uploaded yesterday.
  • Chronicle notes that attackers may have set the attack date to the past — perhaps by changing 2018 to 2017 — in order to start an attack immediately.
  • Another possibility, said Brandon Levene, head of applied intelligence at Chronicle, is that the malware was compiled in the past as part of preparations for a later attack.

The intrigue: "This variant is very strange," noted Levene.

  • All other Shamoon samples traveled through a network using pre-programmed credentials.
  • This sample has no pre-programmed credentials — it's limited to the computer it's first installed on.
  • Levene also said the command and control infrastructure — the internet address list allowing the malware to communicate with the hackers — was also blank.
  • "It's odd that those components aren't there," said Levene. "The attackers may have a different connection to the host network and thought manually installing Shamoon would make more sense."

Other differences include the way the malware goes about deleting files.

  • Shamoon in the past has replaced all files with images that had political significance. The new attacks irreversibly encrypt the files.

The file containing Shamoon was uploaded to VirusTotal from Italy.

  • Chronicle noted in a statement: "While Chronicle cannot directly link the new Shamoon variant to an active attack, the timing of the malware files comes close to news of an attack on an Italian energy corporation with assets in the Middle East."

Shamoon famously wipes the hard drives of networked computers after sending the attacker a list of the filenames that will be deleted. But in this latest variant of Shamoon, the lack of access to command and control servers means that function no longer works.

Go deeper

Supreme Court won't block Rhode Island's eased absentee voting rules

Photo: Robert Nickelsberg/Getty Images

The Supreme Court said Thursday that it will not block Rhode Island's move to ease its requirements for absentee voting during November's election.

Why it matters: The decision is a loss for Republicans, who had requested an emergency order as the state is expected to begin mailing out its ballots.

Breaking down Uber and Lyft's threat to suspend services in California

Illustration: Lazaro Gamio/Axios

Uber and Lyft are ratcheting up the fight with California’s state government over the classification of drivers with a move that would deprive Californians of their ride-hailing services (and halt driver income).

Driving the news: On Wednesday, both companies said that if a court doesn’t overturn or further pause a new ruling forcing them to reclassify California drivers as employees, they’ll suspend their services in the state until November’s election, when voters could potentially exempt them by passing a ballot measure.

Trump announces normalization of ties between Israel and UAE

Israel Prime Minister Netanyahu, Trump and UAE Crown Prince Mohammed bin Zayed. Photo: Artur Widak/NurPhoto; Samuel Corum; Odd Andersen/AFP via Getty Images

President Trump announced a "historic" deal Thursday which will see Israel and the UAE open full diplomatic relations and Israel suspend its annexation plans in the West Bank.

Why it matters: This is a major breakthrough for Israel, which lacks diplomatic recognition in many Middle Eastern countries but has been steadily improving relations in the Gulf, largely due to mutual antipathy toward Iran.