New Malware Tries to Destroy the PC When Detected

It's been a while since I've scared you with new and horrific malware, hasn't it? Well, that's about to change, as the guys from the Talos Group (belonging to Cisco) recently discovered a new threat to our PCs. Rombertik (as it has been named) is designed to intercept, log and send everything that its victim types in the window of any browser. However, what makes the malware really special is that if it suspects it's being analysed, Rombertik will immediately attempt to take down as much of your PC as possible, and it can actually do some serious damage.

The malware can infect your computer through spam and phishing messages, so be careful what you click on. Once it finds its way to your hard disk, this malicious program unpacks itself and runs several checks to see if it has been detected. If it detects traces of malware analysis, Rombertik will instantly initiate its self-destruct sequence, which ensures that it will take your machine down with it. The malware first targets your MBR (the Master Boot Record), and since this is the first sector used when rebooting, it will pretty much compromise your PC by placing it in a continuous loop. In case it cannot mess with the MBR, the malicious program will destroy all the files in the user's home folder by encrypting each of them with random RC4 keys. This basically means that every file saved in your Windows user folder will be gone for good.
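As an added illustration (not code from Talos or from the original article), here is a defender-side check for the MBR overwrite described above: it compares a boot sector against a known-good copy and reports what changed. It assumes the classic 512-byte MBR layout; the function names and both sample sectors are constructed for this example, and reading the sector from the real disk is left to the caller.

```python
import hashlib
import struct

SECTOR_SIZE = 512

def parse_mbr(sector: bytes) -> dict:
    """Split a classic MBR sector into the fields worth monitoring."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):                      # four 16-byte entries at offset 446
        entry = sector[446 + 16 * i: 462 + 16 * i]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:                   # type 0x00 marks an unused slot
            partitions.append((i, entry[4], lba_start, sectors))
    return {
        "boot_code_sha256": hashlib.sha256(sector[:440]).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[510:512] == b"\x55\xaa",
    }

def compare_mbr(baseline: bytes, current: bytes) -> list:
    """Return findings describing how `current` deviates from `baseline`."""
    old, new = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not new["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if old["boot_code_sha256"] != new["boot_code_sha256"]:
        findings.append("bootstrap code changed")
    if old["partitions"] != new["partitions"]:
        findings.append("partition table changed: %d -> %d entries"
                        % (len(old["partitions"]), len(new["partitions"])))
    return findings

def build_sample_mbr(boot_code: bytes, partitions: list) -> bytes:
    """Constructed test data: assemble a sector from boot code and entries."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    for i, (ptype, lba_start, sectors) in enumerate(partitions):
        # status byte, 3 CHS bytes skipped, type, 3 CHS bytes skipped, LBA, size
        struct.pack_into("<B3xB3xII", sector, 446 + 16 * i,
                         0x80, ptype, lba_start, sectors)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

# Constructed samples: a known-good sector and one with code and table replaced.
GOOD = build_sample_mbr(b"\xfa\x33\xc0" + b"\x90" * 64, [(0x07, 2048, 1000000)])
TAMPERED = build_sample_mbr(b"\x41" * 64, [])

if __name__ == "__main__":
    for finding in compare_mbr(GOOD, TAMPERED):
        print("ALERT:", finding)
```

Keeping the baseline copy offline also gives you something to restore from if the sector is ever overwritten.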

If Rombertik wasn't already scary enough, when it installs itself, it unpacks around 75 images and 8,000 decoy functions which not only make it look like an actual legitimate application but will also complicate any attempt to detect what it is actually doing. Furthermore, the malware is designed to avoid sandboxing or code isolation practices as it writes one byte of data to memory 960 million times, which makes it even harder to analyze its behavior. According to the security company, similar malicious applications (dubbed wipers) have been used before in attacks against South Korean targets in 2013 and last year against Sony Pictures Entertainment.
