Rombertik Malware Virus: New self-destructing virus kills computers when detected. If it finds that its plan has been foiled, it deletes the Windows Master Boot Record (MBR), a critical system file. It then reboots the machine.
A new form of self-destructing virus has been discovered with a unique agenda. The malware can work out when anti-virus programs have detected it and then renders the computer unusable so that it can keep on operating.
Named Rombertik, the virus is spreading around the Internet in attachments on fake emails, according to a blog post by Cisco security researchers Ben Baker and Alex Chiu. In the message in which it was first discovered, a company purporting to be the "Windows Corporation" promised "state-of-the-art manufacturing quality processes" once you open the attachment to view the "specifications" for the products.
The attachment, made to look like an ordinary PDF document, actually
contained the Rombertik malware. The infection begins by
Rombertik checking whether virus detection software is installed and
only continuing if it is not. It then decrypts and uninstalls itself
before overwriting that installation with a new one to prevent
anti-virus software from noticing it.
With the complex installation complete, Rombertik does one last check to
see if a detection program is running in memory before it finally
begins to spy on users in their web browsers, stealing login data
including usernames and passwords as well as other confidential
information on the computer. The BBC reports that data was "indiscriminately" collected and sent to the attackers.
Once the program is started, Rombertik continues to frequently check
whether it has been detected or not. If it finds that its plan has been foiled, it deletes the Windows Master Boot Record — a critical system file. It then reboots the machine.
This puts the computer into an endless reboot loop, as it is impossible for Windows to load without the Master Boot Record. Restoring the computer requires a reinstall of Windows, which could result in the loss of data if the machine is not correctly backed up.
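
For responders who have a copy of a disk's first sector, the following added example (not from the article or from the Cisco researchers) checks whether a 512-byte Master Boot Record still has its boot signature, a populated partition table and non-empty boot code, and whether it matches a hash recorded while the machine was healthy. The function names and both sample sectors are constructed for illustration; the article does not say which bytes Rombertik writes over the record, so the all-zero "wiped" sector is an assumption.

```python
import hashlib
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446            # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR


def parse_partitions(sector):
    """Return the non-empty partition entries of an MBR sector."""
    entries = []
    for i in range(4):
        raw = sector[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", raw)
        if ptype != 0:  # type 0x00 marks an unused slot
            entries.append({"slot": i, "active": status == 0x80, "type": ptype,
                            "lba_start": lba_start, "sectors": count})
    return entries


def check_mbr(sector, known_good_sha256=None):
    """Return a list of findings; an empty list means no problem was seen."""
    if len(sector) != SECTOR_SIZE:
        return ["sector is %d bytes, expected 512" % len(sector)]
    findings = []
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    if not parse_partitions(sector):
        findings.append("partition table is empty")
    if not any(sector[:TABLE_OFFSET]):
        findings.append("bootstrap code area is all zero bytes")
    if known_good_sha256 and hashlib.sha256(sector).hexdigest() != known_good_sha256:
        findings.append("sector differs from known-good backup")
    return findings


# Constructed sample: a minimal healthy sector (placeholder code, one partition).
def make_sample_mbr():
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)  # active NTFS
    code = b"\xeb\x3c\x90" + b"\x90" * (TABLE_OFFSET - 3)       # placeholder code
    return code + entry + b"\x00" * 48 + BOOT_SIGNATURE


if __name__ == "__main__":
    good = make_sample_mbr()
    baseline = hashlib.sha256(good).hexdigest()
    print("healthy:", check_mbr(good, baseline))
    print("wiped:  ", check_mbr(b"\x00" * SECTOR_SIZE, baseline))  # assumed all-zero
```

Keeping a copy of the healthy sector alongside its hash gives the comparison in `check_mbr` something to work against.
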
If it fails to delete the Master Boot Record, it opts for an alternative
method of destruction and wipes everything in the current user's
folder. If it successfully deletes the Record, the computer becomes
inoperable and displays the message "Carbon crack attempt, failed" on the screen.
Rombertik is an abnormal form of malware. Most viruses try not to draw
attention to themselves. In comparison, Rombertik seems paranoid,
continually afraid of detection and ready to use force should that
happen. This makes it very hard for security engineers to crack — as
soon as they start meddling about, the malware sees that and destroys the system.