Rombertik–A new nightmare.


Virus analysts are having a nightmare with this one as it self destructs when it detects efforts at analysis.

“Security researchers at Cisco have published new research on a malware, named Rombertik, which will go out of its way to avoid getting analyzed by deleting essential data in the Windows system file called the Master Boot Record (MBR), sending the computer into an endless reboot loop.

The malware also attempts to fool the researchers' sandboxing tools by writing a random byte of data to the system's memory over 960 million times.” – Neowin

The virus appears to be stupid (apart from that part above) since it steals random info like logons and personal data, but it doesn’t maintain its cover, which is the goal of most spyware: it hooks into your browser, taking your info from websites and forms you fill out. It is transmitted through emails with attachments which appear to be some sort of PDF but which are actually a .scr screensaver executable that contains the virus.

If you wish to learn more about it, go here: http://blogs.cisco.com/security/talos/rombertik

Source:

http://www.neowin.net/news/a-new-virus-will-self-destruct-when-analyzed-by-researchers
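Since the post's headline point is the overwritten MBR, here is an added example (mine, not code from the post, from Cisco Talos or from Neowin) of the check a responder would run on a disk image or a live disk: parse the first 512-byte sector, verify the 0x55AA boot signature and the four partition-table entries, and fingerprint the sector so a trusted baseline can be compared against a later read. The sample MBR and its single NTFS partition are constructed for the demo and are assumptions, not real disk data; the device paths in read_first_sector are the usual Linux and Windows names.

```python
"""Sanity-check a 512-byte Master Boot Record.

Added example (not from the Cisco/Neowin write-up): verifies the boot
signature and partition table of sector 0 and fingerprints it so an
earlier baseline can be compared against a later read. The sample sector
built below is constructed for the demo; its layout is an assumption.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_SIZE = 446            # bytes 0..445 hold the boot loader stub
PARTITION_TABLE_OFFSET = 446    # four 16-byte entries follow the boot code
PARTITION_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"    # bytes 510..511


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte partition table entry (little-endian layout)."""
    status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
        "<B3sB3sII", entry)
    return {
        "active": status == 0x80,
        "status": status,
        "type": ptype,
        "lba_start": lba_start,
        "sectors": sectors,
    }


def check_mbr(mbr: bytes) -> dict:
    """Return {'ok': bool, 'problems': [...], 'partitions': [...]}."""
    problems = []
    if len(mbr) != MBR_SIZE:
        return {"ok": False,
                "problems": [f"expected {MBR_SIZE} bytes, got {len(mbr)}"],
                "partitions": []}
    if mbr[510:512] != BOOT_SIGNATURE:
        problems.append("boot signature 0x55AA missing (sector overwritten or wiped)")
    if not any(mbr[:BOOT_CODE_SIZE]):
        problems.append("boot code region is all zeros")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        partitions.append(parse_partition_entry(mbr[off:off + PARTITION_ENTRY_SIZE]))
    defined = [p for p in partitions if p["type"] != 0]
    if not defined:
        problems.append("partition table is empty")
    for p in defined:
        if p["status"] not in (0x00, 0x80):
            problems.append(f"partition entry has invalid status byte 0x{p['status']:02x}")
        if p["sectors"] == 0:
            problems.append("partition entry has zero length")
    if sum(1 for p in partitions if p["active"]) > 1:
        problems.append("more than one partition flagged bootable")
    return {"ok": not problems, "problems": problems, "partitions": partitions}


def fingerprint(mbr: bytes) -> str:
    """SHA-256 of the sector, so a trusted baseline can be compared later."""
    return hashlib.sha256(mbr).hexdigest()


def read_first_sector(device: str) -> bytes:
    r"""Read sector 0 from a block device such as /dev/sda or
    \\.\PhysicalDrive0 (needs administrative rights; not called in the demo)."""
    with open(device, "rb") as fh:
        return fh.read(MBR_SIZE)


def build_sample_mbr() -> bytes:
    """Constructed sample: a stub boot sector with one active NTFS partition."""
    boot_code = b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * (BOOT_CODE_SIZE - 5)
    ntfs = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07,
                       b"\xfe\xff\xff", 2048, 204800)
    table = ntfs + b"\x00" * PARTITION_ENTRY_SIZE * 3
    return boot_code + table + BOOT_SIGNATURE


if __name__ == "__main__":
    good = build_sample_mbr()
    wiped = b"\x00" * MBR_SIZE      # what a zeroed first sector looks like
    for label, sector in (("sample", good), ("wiped", wiped)):
        result = check_mbr(sector)
        print(label, "ok" if result["ok"] else result["problems"],
              fingerprint(sector)[:16])
```

Run it on a dump taken with `dd if=/dev/sda bs=512 count=1` (or the equivalent read of `\\.\PhysicalDrive0`) and keep the fingerprint from a known-good machine: a later sector whose signature is gone or whose fingerprint no longer matches is the condition the post describes, and worth catching before the reboot loop does.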

Reply #1

Nasty stuff.

Reply #2

Patching the MBR is so old for viruses. Thinking that UEFI would make this harder is false.

Since UEFI also loads the Windows or other boot manager from disk, and then we have the good old MBR!

And well, it's like a successor of the old Stoned virus for DOS ...

Reply #3

Actually, this one is more like Dyer, only not specifically for banking info, and in addition it has defensive modules which are quite sophisticated.

Reply #4

Will it never end? Do we need to set up cyber walls at the 'border'?

Reply #5

Always something. :(

Reply #6

Quoting WOM, reply 5

Always something.

Yeah,

I bet there will always be viruses.

Viruses are small and our internet gets faster, so they can even get bigger.

It's not important whether viruses are there or not, and the problem is coming from the user itself in some cases. But I hope there won't be really nasty viruses stealing personal data or wiping the disc in future. These programs are absolutely not funny.

If you really want to use the internet excessively and are getting viruses every second, I guess it's recommended to use a system like Linux or FreeBSD, even better a browser you modified a bit yourself, and all of that in a VM on a cheap laptop through a VPN using a proxy. Guess no one has the time to do that, but well, even then you can attack bash and the kernel or the X server.


regards bluedxca93