Gadgets Magazine

Rombertik Malware Will Erase Your Hard Drive to Avoid Detection

Posted on the 05 May 2015 by Nrjperera @nrjperera

A team of researchers at Cisco’s Talos Group were the first to spot this malware named “Rombertik.” The malware is usually found to invade computers through email attachments to spy on user’s web activity and steal login information.

malware-spam-emailA sample spam email that was used to propagate Rombertik

While performing an analysis, Talos researchers found a strange activity with the malware which has initiated an anti-analysis function to erase the infected hard drive completely to avoid detection and analysis. After the automatic erase, the computer will restart and get stuck until the user re-installs the operating system.

“As researchers have become more adept and efficient at malware analysis, malware authors have made an effort to build more evasive samples. Better static, dynamic, and automated analysis tools have made it more difficult for attackers to remain undetected. As a result, attackers have been forced to find methods to evade these tools and complicate both static and dynamic analysis,” explains Talos group.

Rombertik malware not only put user data on danger, but also makes things much harder for anti virus software to detect the malware.

Rombertik-malware(click to enlarge)

Read Also: The NSA Has Used Fake Websites to Install Malware on PCs

Head over to Cisco blog for more information.

[ Via: Ars Technica / Source: Cisco Blogs ]
(All images, trademarks shown on this post are the property of their respective owners)

Follow @nrjperera – Roshan Jerad Perera



Back to Featured Articles on Logo Paperblog