New Malware Tries to Destroy the PC When Detected

It's been a while since I've scared you with new and horrific malware, hasn't it? Well, that's about to change: Cisco's Talos Group recently discovered a new threat to our PCs. Rombertik, as it has been named, is designed to intercept, log and send to its operators everything its victim types into any browser window. What makes this malware really special, though, is that if it suspects it is being analysed, Rombertik immediately tries to take down as much of the PC as it can, and it can do some serious damage.

The malware reaches your computer through spam and phishing messages, so be careful what you click on. Once it is on your hard disk, the program unpacks itself and runs several checks to see whether it is being analysed. If it finds traces of malware analysis, Rombertik immediately starts its self-destruct sequence, which is designed to take your machine down with it. It first targets the MBR (Master Boot Record): since this is the first sector the machine reads when it boots, overwriting it leaves the PC stuck in an endless reboot loop, never reaching Windows. If it cannot get at the MBR, the program instead destroys every file in the user's home folder by encrypting each one with its own randomly generated RC4 key. With no key kept anywhere for recovery, that means every file saved in your Windows user folder is gone for good.
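The practical check this suggests is a baseline-and-compare on the MBR, the artifact Rombertik goes after first: record a hash of the boot code while the machine is known-good, then re-read the first sector and flag any change, a missing 0x55AA signature, or a partition table with no active entry. The script below is an added example written for this page; it is not Talos code and contains nothing from the malware. The healthy sector and the "overwritten" sector are constructed in the script, and reading the real sector through `\\.\PhysicalDrive0` from an administrator shell on Windows is an assumption about how you would feed it live input.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xAA"   # last two bytes of a valid MBR
PARTITION_TABLE_OFFSET = 446   # four 16-byte partition entries follow the boot code


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot code hash, partition table and signature check."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4), little-endian
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", sector[off:off + 16])
        partitions.append({"active": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": count})
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:PARTITION_TABLE_OFFSET]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(sector: bytes, baseline_boot_code_sha256: str) -> list:
    """Return a list of findings; an empty list means the sector still matches the baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if info["boot_code_sha256"] != baseline_boot_code_sha256:
        findings.append("boot code differs from baseline")
    if not any(p["active"] and p["type"] != 0 for p in info["partitions"]):
        findings.append("no active partition in table")
    return findings


def build_sample_mbr() -> bytes:
    """Constructed healthy MBR: stand-in boot code (not real x86), one active NTFS partition."""
    boot_code = bytes((i * 7) & 0xFF for i in range(PARTITION_TABLE_OFFSET))
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF", 2048, 2_000_000)
    return boot_code + entry + b"\x00" * 48 + BOOT_SIGNATURE


def simulate_overwrite() -> bytes:
    """Constructed stand-in for a wiper that replaces the boot code and zeroes the partition table.
    The 0x55AA signature is kept so firmware still executes the sector, which is how a machine
    ends up looping at boot instead of stopping with a clean 'no bootable device' message."""
    return b"\x90" * PARTITION_TABLE_OFFSET + b"\x00" * 64 + BOOT_SIGNATURE


def read_live_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read the real first sector on Windows (administrator shell required; assumed, not exercised here)."""
    with open(device, "rb") as disk:
        return disk.read(SECTOR_SIZE)


if __name__ == "__main__":
    healthy = build_sample_mbr()
    baseline = parse_mbr(healthy)["boot_code_sha256"]   # record this while the machine is known-good
    print("healthy:", check_mbr(healthy, baseline) or "ok")
    print("wiped:  ", check_mbr(simulate_overwrite(), baseline))
```

Store the baseline hash somewhere the machine itself cannot overwrite (a management server, not the local disk), and treat any finding as a sign the box is already compromised: by the time the MBR differs, the attacker has had raw write access to the disk, so this is an after-the-fact alarm, not a preventive control.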

If Rombertik wasn't already scary enough, when it installs itself it unpacks around 75 images and some 8,000 decoy functions that are never called, which not only make it look like a legitimate application but also complicate any attempt to work out what it is actually doing. The malware is also built to outlast sandboxes and other code-isolation tools: rather than simply sleeping, it writes one byte of data to memory 960 million times, a stall that many sandboxes will not wait out and that bloats any tool trying to log its memory writes, making its behaviour far harder to analyse. According to Cisco, similar destructive programs, dubbed wipers, were used in the 2013 attacks on South Korean targets and in last year's attack on Sony Pictures Entertainment.