A recently discovered strain of malware has been found to be capable of erasing a system's hard drive upon detection. – PC Pitstop
Malware Destroys PCs When Detected
By Stu Sjouwerman, for KnowBe4.com Security Awareness Training
InfoSec researchers at Cisco’s TALOS group discovered a strain of malware that spreads through phishing. Attackers use social engineering tactics to entice users to download, unzip, and open the attachments that ultimately result in the user’s compromise. The strain, dubbed Rombertik, monitors everything that happens inside an infected machine’s browser and exfiltrates it to a server controlled by the attacker, similar to Dyre. However, when it detects that it is being analyzed, it takes extreme evasive action: it wipes the Master Boot Record (MBR) and home directories, trapping the machine in an infinite boot loop. Here is an example phishing attack (screenshot courtesy Cisco).
Rombertik is a complex piece of malware with several layers of obfuscation and anti-analysis functionality that is ultimately designed to steal user data. Good security practices, such as making sure anti-virus software is installed and kept up-to-date, not clicking on attachments from unknown senders, and ensuring robust security policies are in place for email (such as blocking certain attachment types) can go a long way when it comes to protecting users.—Cisco TALOS group report