The first known attack appears to be with the Saudi Arabian national oil company (Saudi Aramco). Although the company have not officially announced this, they were forced to isolate their computer network on August 15.
According to InfoSecurity, the following day, IT security companies, such as Seculert, released the information about the Shamoon virus. The malicious code is transmitted through the Internet and then proceeds to move through networked computers, targeting computers which are not Internet connected. As data is removed it is sent back to the hacker’s central computer. Symantec, who make antiviral software, has reported that it replaces the stolen files with corrupted JPEG images.
The malware affects Window 95, Windows 98, Windows XP, Windows 2000, Windows Vista, Windows NT, Windows ME, Windows 7, Windows Server 2003 and Windows Server 2008 machines.
When the work of the virus was complete the attacker executed the module which wiped all the evidence of its work and the virus itself. All in all, TechRadar summarize the virus as a “dropper, wiper and reporter.”
The motivation for constructing such a virus, which renders infected computers unusable, is unclear.
Ref : DigitalJournal