LOOK OUT Rombertik malware.

New trojan/virus/malware called Rombertik is on the war path. Cisco has warned that a new strain of malware is designed to render a Windows computer virtually useless if it's discovered by security software, It destroys all user data on the hard drive.

Cisco says that Rombertik has "multiple layers of obfuscation and anti-analysis functionality" meaning that it is hard to discover and hard to examine. It's able to hide itself from both static and dynamic analysis, which respectively scan a computer's files and its currently active applications. Once Rombertik runs it will catch users passwords, usernames etc as they are entered into the browser.

Conclusion

Rombertik is a complex piece of malware with several layers of obfuscation and anti-analysis functionality that is ultimately designed to steal user data. Good security practices, such as making sure anti-virus software is installed and kept up-to-date, not clicking on attachments from unknown senders, and ensuring robust security policies are in place for email (such as blocking certain attachment types) can go a long way when it comes to protecting users. However, a defense in depth approach that covers the entire attack continuum can help identify malware and assist in remediation in the event that an attacker finds a way to evade detection initially. Make sure you have good backups that you can fall back to if you do get caught out.



Thursday, May 7, 2015





« Back