CRITICAL MALWARE WARNING: Rombertik destroys your computer if it knows it is being audited!
Adam Milton-Barker | May 6, 2015 | Web Apps, Security & Hosting | 2572

As I have mentioned before, we have moved into a very dangerous time for internet users. With hacks and viruses becoming more advanced, it really is a crucial time to learn about online security and keep up to date with the latest information and methods to protect yourself. Here is a classic example of what I am talking about.

Rombertik is the next generation of malware, discovered by Cisco Systems. It is spread through spam and phishing messages and is a very destructive type of malware. On installation, it unpacks a lot of dummy data that is intended to make it look legitimate, including a massive number of dummy functions and images that are never used. This is one of the reasons it is so hard to detect: there is so much dummy data that it is very hard for analysts to search through it all.

Once the malware has been installed on a computer, it runs a number of checks to see whether it has been detected. If it has, it literally self-destructs, taking the affected computer with it. If the malware gets through your security systems, it creates a 32-bit hash of a resource in the computer's memory and checks that resource and the compile time; if either has changed, Rombertik self-destructs and destroys your computer. During this process it targets your Master Boot Record (MBR), the part of your system that is used before your operating system loads. If it cannot access that section, it instead encrypts the files in your user folders with a random key, rendering them unusable. Rombertik also tries to avoid being sandboxed, which is what most security systems do with new installations until they have completed their checks.
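Because the post says Rombertik goes for the Master Boot Record first, it helps to see what that 512-byte structure actually contains and how a defender can verify it has not been altered. The script below is an added example written for this post, not code from the article or from Cisco's analysis: it parses an MBR image (bootstrap code, the four-entry partition table and the trailing 0x55AA boot signature), records a SHA-256 baseline of the bootstrap area, and reports findings when a later image no longer matches. The sample MBR is constructed inline and the "damaged" copy simply simulates a wiped boot sector so the check has something to flag; on a real system the 512 bytes would be read from the disk device by an administrator tool.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOTSTRAP_SIZE = 446          # classic bootstrap code area (includes the 4-byte disk signature on modern MBRs)
PARTITION_ENTRY_SIZE = 16
PARTITION_COUNT = 4
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510-511 of every valid MBR


def parse_mbr(mbr: bytes) -> dict:
    """Decode one 512-byte MBR image into its bootstrap hash, partition table and signature state."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"MBR must be exactly {MBR_SIZE} bytes, got {len(mbr)}")
    partitions = []
    for i in range(PARTITION_COUNT):
        off = BOOTSTRAP_SIZE + i * PARTITION_ENTRY_SIZE
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4), little-endian
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
            "<B3sB3sII", mbr[off:off + PARTITION_ENTRY_SIZE]
        )
        partitions.append({
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return {
        "signature_ok": mbr[510:512] == BOOT_SIGNATURE,
        "bootstrap_sha256": hashlib.sha256(mbr[:BOOTSTRAP_SIZE]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(mbr: bytes, baseline_bootstrap_sha256: str) -> list:
    """Return a list of human-readable findings; an empty list means the MBR looks intact."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing: sector will not boot")
    if info["bootstrap_sha256"] != baseline_bootstrap_sha256:
        findings.append("bootstrap code differs from recorded baseline")
    if not any(p["type"] != 0 for p in info["partitions"]):
        findings.append("partition table is empty")
    return findings


def build_sample_mbr() -> bytes:
    """Constructed sample: pseudo bootstrap bytes, one bootable Linux partition, valid signature."""
    bootstrap = bytes((i * 7) & 0xFF for i in range(BOOTSTRAP_SIZE))
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x83, b"\xfe\xff\xff", 2048, 204800)
    table = entry + b"\x00" * (PARTITION_ENTRY_SIZE * (PARTITION_COUNT - 1))
    return bootstrap + table + BOOT_SIGNATURE


def damaged_sample_mbr() -> bytes:
    """Constructed test fixture: same partition table, but bootstrap zeroed and signature gone."""
    good = build_sample_mbr()
    return b"\x00" * BOOTSTRAP_SIZE + good[BOOTSTRAP_SIZE:510] + b"\x00\x00"


if __name__ == "__main__":
    good = build_sample_mbr()
    baseline = parse_mbr(good)["bootstrap_sha256"]   # record this when the machine is known-good
    print("intact  :", check_mbr(good, baseline))
    print("damaged :", check_mbr(damaged_sample_mbr(), baseline))
```

The baseline hash is the important part: an MBR that still carries a valid 0x55AA signature can have had its bootstrap code replaced, so a signature check alone is not enough; comparing against a hash recorded when the machine was known-good is what catches that case.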
Unlike other malware, Rombertik stays active during this process and writes one byte of memory 960 million times, which makes it very hard for virus detection software to analyze. We have seen this type of attack used before against South Korean targets and also against Sony Pictures in 2014.

As Rombertik is sent using phishing scams and spam, it is time to remember the basics of dealing with email and to become extra cautious. Do not open emails from people you do not know. When you get emails from your bank, Facebook, PayPal or any of the other sites you use, simply delete the email and go to the website manually to see what the notification is about. If you are not sure about phishing scams, make sure you take some time to research them and how to protect yourself and your computer from them. For a more detailed description of this malware and the damage it does, check out the related link above.
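The advice above to ignore links in "bank" emails and type the address yourself exists because the text a link shows and the place it actually leads can be completely different. The script below is an added example for this post, not code from the article: it pulls every anchor out of a constructed HTML email with Python's standard-library `HTMLParser`, compares the real `href` host with the sender's claimed domain and with any URL shown in the link text, and reports the mismatches. The sender domain, the email body and the hostnames in it are all made up for the example; the "registrable domain" helper is a deliberately naive last-two-labels approximation, which is enough to show the technique but would need a public-suffix list for real use.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host: str) -> str:
    """Naive approximation (assumption): keep the last two DNS labels of a hostname."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def suspicious_links(html: str, claimed_sender_domain: str) -> list:
    """Return [(href, [reasons...])] for links whose real target does not match what the mail claims."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        parts = urlsplit(href)
        host = parts.hostname or ""
        reasons = []
        if parts.scheme not in ("http", "https"):
            reasons.append(f"unexpected scheme {parts.scheme!r}")
        if host and registrable_domain(host) != registrable_domain(claimed_sender_domain):
            reasons.append("link host does not belong to the claimed sender domain")
        if host and all(ch.isdigit() or ch == "." for ch in host):
            reasons.append("link points at a raw IP address")
        shown_host = urlsplit(text).hostname if "://" in text else None
        if shown_host and registrable_domain(shown_host) != registrable_domain(host):
            reasons.append("URL shown in the link text differs from the real target")
        if reasons:
            findings.append((href, reasons))
    return findings


# Constructed sample email body: one honest link and one whose visible URL lies about its target.
SAMPLE_EMAIL_HTML = """
<html><body>
<p>Dear customer, please confirm your details:</p>
<p><a href="http://example-bank.com.evil-login.example/verify">https://www.example-bank.com/login</a></p>
<p>Need help? <a href="https://www.example-bank.com/help">Help centre</a></p>
</body></html>
"""

CLAIMED_SENDER_DOMAIN = "example-bank.com"   # taken from the (constructed) From: address


if __name__ == "__main__":
    for href, reasons in suspicious_links(SAMPLE_EMAIL_HTML, CLAIMED_SENDER_DOMAIN):
        print(href)
        for reason in reasons:
            print("   -", reason)
```

The first link is the interesting one: its host starts with the bank's name, but the registrable domain is the trailing part, so it belongs to someone else entirely, and the visible text claims a different address again. The second link is fine and produces no finding, which is the behaviour you want from a filter that people will actually read.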