According to Symantec, Shamoon "is a destructive malware that corrupts files on a compromised computer and overwrites the MBR (Master Boot Record) in an effort to render a computer unusable."
The firm suggested Shamoon is a two-stage attack: the attackers take control of an internal machine connected to the Web and use it as a proxy to the external Command-and-Control (C2) server, which infects other internal machines; once the other machines are infected, Shamoon is released, wiping the malware and stolen data.
