As a general rule, computer viruses pretty much suck. Most of them sneak in, infiltrate your hard drive, and run quietly in the background so they can do their dirty deeds. But a new piece of malware, Rombertik, automatically self-destructs if it is detected by your computer or your antivirus software, dragging your hard drive down with it. Instead of stopping the attack, Rombertik forces the machine into a constant reboot loop, so your hard drive starts up over and over.
According to TechTimes, “The Rombertik executable contains a massive
amount of ‘garbage code,’ which the malware does not utilize. This aids it in
inflating the volume of the code, which analysts need to assess and review,
succeeding in confusing identification processes.
“The malware also writes a single byte of arbitrary data to the memory a
whopping 960 million times. This is effective in misleading sandboxes into
thinking the virus to be a regular program. It ends up growing the data log to
over 100GB, which is a time-consuming process and further complicates the
analysis and detection of the malware.”
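The 960-million-write trick works against a sandbox only if the sandbox records every event as its own log line. As an added example (not code from the article, TechTimes or Cisco), the following Python post-processor run-length-encodes identical consecutive trace events, so a loop that writes the same byte hundreds of millions of times becomes one summary record, and flags any write run long enough to look like a stalling loop. The trace line format (`<op> <address> <size> <value>`), the `REPEAT_THRESHOLD` heuristic and `SAMPLE_TRACE` are all constructed for this example and are not a real sandbox's format.

```python
"""
Sandbox trace coalescing: a defensive post-processor for log-flooding loops.

Added example, not code from the article, TechTimes or Cisco. The trace line
format ("<op> <address> <size> <value>"), REPEAT_THRESHOLD and SAMPLE_TRACE
are constructed for this example.
"""
from dataclasses import dataclass
from itertools import chain
from typing import Dict, Iterable, Iterator, List, Optional, Tuple

# Constructed sample of an instrumented-sandbox trace (not real Rombertik data).
SAMPLE_TRACE: List[str] = [
    "alloc 0x00400000 4096 -",
    "write 0x00400000 4 0x00000001",
    "write 0x00400004 4 0x00000002",
    "read 0x00400000 4 -",
]

# Assumed heuristic: a single write repeated this many times in a row is far
# more likely to be a stalling/log-inflation loop than useful work.
REPEAT_THRESHOLD = 1_000_000


@dataclass
class Run:
    """One run of identical consecutive trace events."""
    op: str
    addr: str
    size: int
    value: str
    count: int = 1

    def key(self) -> Tuple[str, str, int, str]:
        return (self.op, self.addr, self.size, self.value)


def parse_event(line: str) -> Run:
    """Parse one trace line into a Run of count 1; malformed lines raise."""
    fields = line.split()
    if len(fields) != 4:
        raise ValueError(f"malformed trace line: {line!r}")
    op, addr, size, value = fields
    return Run(op=op, addr=addr, size=int(size), value=value)


def coalesce(lines: Iterable[str]) -> Iterator[Run]:
    """Run-length-encode identical consecutive events.

    Memory is bounded by the number of distinct consecutive runs, so a loop
    that writes the same byte hundreds of millions of times costs one Run
    object instead of hundreds of millions of log records.
    """
    current: Optional[Run] = None
    for line in lines:
        event = parse_event(line)
        if current is not None and current.key() == event.key():
            current.count += 1
        else:
            if current is not None:
                yield current
            current = event
    if current is not None:
        yield current


def simulated_flood(n: int, line: str = "write 0x00400010 1 0x41") -> Iterator[str]:
    """Constructed stand-in for a one-byte write loop; streams n identical events."""
    for _ in range(n):
        yield line


def analyze(lines: Iterable[str], threshold: int = REPEAT_THRESHOLD) -> Dict[str, object]:
    """Coalesce a trace and flag write runs at or above the repeat threshold."""
    runs = list(coalesce(lines))
    total_events = sum(r.count for r in runs)
    flagged = [r for r in runs if r.op == "write" and r.count >= threshold]
    return {
        "total_events": total_events,
        "runs": runs,
        "flagged": flagged,
        "compression_ratio": total_events / len(runs) if runs else 0.0,
    }


if __name__ == "__main__":
    # Stream 2 million identical writes after the sample prologue; the trace is
    # never materialised, and the report holds only a handful of runs.
    report = analyze(chain(SAMPLE_TRACE, simulated_flood(2_000_000)))
    print(f"events={report['total_events']} runs={len(report['runs'])}")
    for r in report["flagged"]:
        print(f"FLAG stalling loop: {r.op} {r.addr} size={r.size} value={r.value} x{r.count}")
```

The point of the design is that the analyzer consumes the trace as a stream and only keeps the current run, so the cost of the flooding loop is paid once at collection time rather than again in a 100GB log; the flagged run itself becomes a detection signal rather than noise.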
Fortunately, there are a few things you can do about it. First, Rombertik is spread predominantly through phishing emails, so do not click on any link sent to you unexpectedly, even from a contact you think you know. The sender's account may have been hacked and their email used to spread malicious links. The same goes for opening unsolicited attachments. Also, keeping your antivirus software up to date can help prevent it from taking hold in the first place.
“Rombertik has been identified to propagate via spam and phishing messages sent to would-be victims … At a high level, Rombertik is a complex piece of malware that is designed to hook into the user’s browser to read credentials and other sensitive information for exfiltration to an attacker-controlled server, similar to Dyre. However, unlike Dyre, which was designed to target banking information, Rombertik collects information from all websites in an indiscriminate manner,” explained Ben Baker and Alex Chiu of Cisco.