The Broadband Guide
search advanced
 forgot password?

Rombertik virus destroys Windows when detected

2015-05-07 09:55 by
Tags: ,


Researchers have found a new malware that attempts to steal information, such as log-in credentials and personal information but also deletes the master boot record—or all user files—to avoid detection.

The spyware, called Rombertik, is detected by ESET as Win32/Spy.Agent.OLJ. It has "multiple layers of obfuscation and anti-analysis functionality". It is being spread through spam and phishing messages, according to Cisco's researchers.

"At a high level, Rombertik is a complex piece of malware that is designed to hook into the user's browser to read credentials and other sensitive information for exfiltration to an attacker controlled server, similar to Dyre," Cisco's researchers add. "However, unlike Dyre which was designed to target banking information, Rombertik collects information from all websites in an indiscriminate manner."

"The interesting bit with Rombertik is that we are seeing malware authors attempting to be incredibility evasive," Alexander Chiu, a threat researcher with Cisco, said. "If Rombertik detects it's being analyzed running in memory, it actively tries to trash the MBR of the computer it's running on. This is not common behavior."

The infection begins by Rombertik checking whether anti-virus software is installed and only continuing if it is not. Then it installs a second copy of itself which contains the real payload. If it detects that it is being analyzed, the malware attacks the master boot record and tries to destroy the computer and prevent it from being used.

Here's what Cisco recommends to users in order to protect themselves:

"Good security practices, such as making sure anti-virus software is installed and kept up-to-date, not clicking on attachments from unknown senders, and ensuring robust security policies are in place for email (such as blocking certain attachment types) can go a long way when it comes to protecting users. However, a defense in depth approach that covers the entire attack continuum can help identify malware and assist in remediation in the event that an attacker finds a way to evade detection initially."

Read more -here-


  Post your review/comments
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About