
New self-destructing virus kills computers when detected

Named Rombertik, the virus is spreading around the Internet in attachments on fake emails, according to a blog post by Cisco security researchers Ben Baker and Alex Chiu. In the message in which it was first discovered, a company purporting to be the “Windows Corporation” promised “state-of-the-art manufacturing quality processes” once you open the attachment to view the “specifications” for the products.
The attachment, made to look like an ordinary PDF document, actually contained the Rombertik malware. The infection begins with Rombertik checking whether virus detection software is installed and only continuing if it is not. It then decrypts and uninstalls itself before overwriting that installation with a new one to prevent anti-virus software from noticing it.
With the complex installation complete, Rombertik does one last check to see if a detection program is running in memory before it finally begins to spy on users in their web browsers, stealing login data including usernames and passwords as well as other confidential information on the computer. The BBC reports that data was “indiscriminately” collected and sent to the attackers.
Once the program is started, Rombertik continues to frequently check whether it has been detected or not. If it finds that its plan has been foiled, it deletes the Windows Master Boot Record — a critical system file. It then reboots the machine.

The Rombertik malware wipes hard drives when detected

Cisco


This puts the computer into an endless reboot loop, as it is impossible for Windows to load without the Master Boot Record. Restoring the computer requires a reinstall of Windows, which could result in the loss of data if the machine is not correctly backed up.
If it fails to delete the Master Boot Record, it opts for an alternative method of destruction and wipes everything in the current user’s folder. If it successfully deletes the Record, the computer becomes inoperable and displays the message “Carbon crack attempt, failed” on the screen.
Rombertik is an abnormal form of malware. Most viruses try not to draw attention to themselves. In comparison, Rombertik seems paranoid, continually afraid of detection and ready to use force should that happen. This makes it very hard for security engineers to crack — as soon as they start meddling about, the malware sees that and destroys the system.
