May 5, 2015
Researchers have uncovered new malware that takes extraordinary measures to evade detection and analysis, including deleting all hard drive data and rendering a computer inoperable.
Rombertik, as the malware has been dubbed by researchers from Cisco Systems’ Talos Group, is a complex piece of software that indiscriminately collects everything a user does on the Web, presumably to obtain login credentials and other sensitive data. It gets installed when people click on attachments included in malicious e-mails. Talos researchers reverse engineered the software and found that behind the scenes Rombertik takes a variety of steps to evade analysis. It contains multiple levels of obfuscation and anti-analysis functions that make it hard for outsiders to peer into its inner workings. And in cases that main yfoye.exe component detects the malware is under the microscope of a security researcher or rival malware writer, Rombertik will self-destruct, taking along with it the contents of a victim’s hard drive.