Offshore Outsourcing & Scammer
Blog about offshore outsourcing and scammer in the outsourcing industry
Rombertik: Malware deletes itself during discovery - together with the hard drive content
by Rudolf Faix Wednesday, May 6, 2015 1:43 PM

A tricky and elaborately programmed piece of malicious software collects data from Internet users. If it gets discovered, it swallows a digital cyanide pill.

Security researchers of the Talos Group, a division of the network equipment supplier Cisco Systems, have discovered a Windows malware that takes great care to cover up the traces of its activity. "Rombertik", as the experts call the malware, captures everything a user does with the infected computer on the Internet. If the malware believes it has been discovered, it renders the hard drive of the affected computer unusable and thereby destroys itself as well.

Another feature of the digital pest is that it does not only search for user name / password combinations for bank accounts. The malware apparently records, completely unfiltered, everything the respective user does with the infected computer on the Internet.

The distribution channel is not new: Rombertik is distributed as an e-mail attachment in spam or phishing mails. According to the Talos Group, these emails are especially cleverly constructed and fool users easily. The infected emails mimic the sender "Windows Corporation", as shown by one example in the report.

Camouflage by deleting

Noticeable is the elaborate camouflage with which the pest tries to protect itself from detection. It works on several levels: if a user unknowingly installs the pest, Rombertik first analyzes its environment and checks whether it is running in a "sandbox", an isolated area of the PC which has no impact on the rest of the computer. Antivirus software uses such a sandbox to analyze suspicious software.

Only when this has been excluded does the malware continue its installation. Before the malware starts its work, it tests whether it is being watched by a virus scanner. If so, it attempts to overwrite the so-called master boot record (MBR) on the hard disk of the computer, which makes the disk unbootable. If that does not work, Rombertik encrypts all user data on the boot hard drive of the computer to make it useless, and sends the PC into an endless loop of reboots.
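A wiped MBR is easy to recognize once you know what an intact one looks like: the first sector of the disk ends with the boot signature 0x55AA and carries a four-entry partition table. The following Python script is an added example (it is not part of the Talos report or of this post) that parses a 512-byte sector and reports whether it still looks like a valid MBR, which is the triage check a responder would run against a disk image of a machine that no longer boots. The sample sector and the "wiped" sector it checks are constructed inline for the demonstration.

```python
# Added example: parse the first sector of a disk (image) and check whether the
# MBR is still intact. Not code from the Talos report or from this post.
import struct

SECTOR_SIZE = 512
MBR_SIGNATURE = b"\x55\xaa"          # boot signature at offset 510
PARTITION_TABLE_OFFSET = 446         # 446 bytes of boot code come first
PARTITION_ENTRY_SIZE = 16            # four 16-byte partition entries follow


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot code, partition entries and signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        # status, CHS start, type, CHS end, LBA start, sector count (little endian)
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
            "<B3sB3sII", sector[off:off + PARTITION_ENTRY_SIZE])
        entries.append({
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return {
        "boot_code": sector[:PARTITION_TABLE_OFFSET],
        "partitions": entries,
        "signature": sector[510:512],
    }


def mbr_looks_intact(sector: bytes) -> bool:
    """True if the sector ends with 0x55AA and has at least one plausible
    partition entry (non-zero type, start LBA and length). An all-zero sector
    or a sector overwritten with garbage fails this check."""
    mbr = parse_mbr(sector)
    if mbr["signature"] != MBR_SIGNATURE:
        return False
    return any(
        p["type"] != 0 and p["lba_start"] != 0 and p["sectors"] != 0
        for p in mbr["partitions"]
    )


def check_disk_image(path: str) -> bool:
    """Read the first sector of a raw disk image (or block device) and check it."""
    with open(path, "rb") as f:
        return mbr_looks_intact(f.read(SECTOR_SIZE))


def build_sample_mbr() -> bytes:
    """Constructed sample: one bootable NTFS partition (type 0x07) at LBA 2048."""
    boot_code = b"\xfa\x33\xc0" + b"\x90" * (PARTITION_TABLE_OFFSET - 3)  # stub, NOP padded
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 204800)
    table = entry + b"\x00" * (PARTITION_ENTRY_SIZE * 3)  # three unused entries
    return boot_code + table + MBR_SIGNATURE


def wiped_mbr() -> bytes:
    """Constructed sample of what a wiper leaves behind: the sector filled with garbage."""
    return bytes([0x41]) * SECTOR_SIZE


if __name__ == "__main__":
    for name, sector in (("sample", build_sample_mbr()), ("wiped", wiped_mbr())):
        print(f"{name}: {'intact' if mbr_looks_intact(sector) else 'DAMAGED'}")
```

To run the check against a real image, call `check_disk_image("disk.raw")`; reading a live block device such as `/dev/sda` works the same way but needs root. Keep in mind that the check only proves the MBR structure survived; it says nothing about the partitions' contents, which Rombertik's fallback of encrypting user data would leave structurally untouched.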

Obfuscation by distraction

Even if it does not come to that, Rombertik makes the work of analysis software difficult: in order not to attract attention, the malware hides itself. When the 28 kB installation package is unpacked, it is 1264 kilobytes long and appears to contain about 8000 functions. These are never used, but they make the analysis extremely complex.

To avoid discovery when it is run in a sandbox, it uses another perfidious trick: Rombertik writes a single byte to memory 960 million times. Merely logging these write operations, Talos explains, would produce a log file of 100 gigabytes.

The Talos report says nothing about how widely Rombertik has spread. Users should follow the common recommendations:

Don't click on links or attachments in emails from unknown senders, and use up-to-date security software.


Security

360 Total Security - powerful and free of charge
by Rudolf Faix Tuesday, March 31, 2015 9:12 AM

"360 Total Security" is a free security suite from the Chinese company Qihu (also called Qihoo), which protects your PC from viruses, trojans and other emerging threats from the network and ensures better performance of your system.

The essential component is the virus scanner, with up to five different engines, including those of Bitdefender and Avira. Real-time protection ensures that harmful files do not reach your computer.

Whether you are shopping online, downloading files or chatting with your friends, you can be sure that 360 Total Security is there to keep you safe and your computer optimized. The clean-up utility is just one click away to keep your PC in optimal condition.


  • Virus Scan
    Integrates award-winning antivirus engines from 360 Cloud Engine, 360 QVMII, Avira and Bitdefender to provide you with the ultimate in virus detection and protection capabilities.

  • Protection
    Protection offers 4 different user-selectable modes: Performance, Balanced, Security and Custom. Each mode offers a different level of protection from malware, phishing attacks and backdoors.

  • Cleanup
    Cleanup frees your disk space by removing junk files and plugins, which can improve system performance. With Cleanup you can decide which areas and files to clean.

  • Speedup
    Manage and optimize your system services, boot-up items and plugins. Shorten your boot time and get going sooner!


You can download 360 Total Security from http://www.360totalsecurity.com/en/download-free-antivirus/360-total-security/


Security


AboutMe

I have been in the computer business (programming and technical support) for more than 35 years and have been using the Internet since it started. Since 2002 I have been programming solutions for Asterisk, and since 2004 I have been in the call center industry.

Disclaimer

All data and information provided on this site is for informational purposes only. I make no representations as to accuracy, completeness, currentness, suitability, or validity of any information on this site and will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use. All information is provided on an as-is basis and is only representing my own opinion. By browsing or using content from this site you accept the full legal disclaimer of this website.