Malware Destroys PCs When Detected


A recently discovered strain of malware has been found to be capable of wiping a system’s hard drive when it detects that it is being analyzed. – PC Pitstop


By Stu Sjouwerman, for KnowBe4.com Security Awareness Training

InfoSec researchers at Cisco’s TALOS group discovered a strain of malware that spreads through phishing. Attackers use social engineering to entice users to download, unzip, and open attachments that ultimately compromise the user’s machine. The strain, dubbed Rombertik, monitors everything that happens inside an infected machine’s browser and exfiltrates it to an attacker-controlled server, much like Dyre. What sets it apart is how it reacts to analysis. It runs a series of anti-analysis checks, and when the final one fails (it compares a hash of a resource in its own memory image against its compile timestamp, so any tampering or debugging trips it), it takes extreme evasive action: it overwrites the Master Boot Record (MBR) or, if it cannot reach the MBR, encrypts every file in the user’s home folder with a random key, then reboots the machine into an endless restart loop. Here is an example phishing attack (screenshot courtesy Cisco).
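The lure described above is an archive the victim unzips and runs. The following added example (my code, not Cisco’s or KnowBe4’s) is a mail-gateway style attachment check that rejects executable types, looks inside ZIP archives for them, flags document-looking double extensions such as `Invoice_2015.pdf.scr`, and refuses encrypted or unreadable archives it cannot inspect. The blocked-extension list, the nesting limit, the size cap and the sample attachments are assumptions constructed for illustration, not details from the article.

```python
"""Gateway-style attachment check that looks inside ZIP archives.

Added example for illustration (not Cisco Talos or KnowBe4 code). The sample
attachments are constructed inline; the blocked-extension list, nesting limit
and size cap are assumed policy values, not values from the article.
"""
import io
import zipfile

# Extensions Windows runs on double-click (assumed policy list; extend to taste).
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".jse",
                      ".vbs", ".vbe", ".wsf", ".hta", ".msi", ".lnk", ".ps1"}
ARCHIVE_EXTENSIONS = {".zip"}
MAX_NESTING = 3                 # stop recursing into archives-in-archives
MAX_MEMBER_BYTES = 50_000_000   # refuse to inflate anything larger (zip-bomb guard)


def _basename(name: str) -> str:
    return name.rsplit("/", 1)[-1].lower()


def extension(name: str) -> str:
    """Final extension of the file, lower-cased, e.g. 'Invoice.PDF.scr' -> '.scr'."""
    base = _basename(name)
    return "." + base.rsplit(".", 1)[-1] if "." in base else ""


def is_double_extension(name: str) -> bool:
    """True for names like invoice.pdf.scr: a document-looking name ending in an executable."""
    parts = _basename(name).split(".")
    return len(parts) >= 3 and "." + parts[-1] in BLOCKED_EXTENSIONS


def check_attachment(filename: str, data: bytes, depth: int = 0) -> list[str]:
    """Return the reasons to block this attachment; an empty list means allow.

    filename is the path as the user would see it ('outer.zip/inner.pdf.scr'
    for archive members); data is the raw bytes of that part.
    """
    reasons = []
    ext = extension(filename)
    if ext in BLOCKED_EXTENSIONS:
        kind = "double-extension executable" if is_double_extension(filename) else "executable"
        reasons.append(f"{filename}: {kind} ({ext})")
    if ext in ARCHIVE_EXTENSIONS:
        reasons.extend(_check_archive(filename, data, depth))
    return reasons


def _check_archive(filename: str, data: bytes, depth: int) -> list[str]:
    if depth >= MAX_NESTING:
        return [f"{filename}: archive nested deeper than {MAX_NESTING} levels"]
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [f"{filename}: claims .zip but is not a readable archive"]
    reasons = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            member = f"{filename}/{info.filename}"
            if info.flag_bits & 0x1:          # bit 0 of the general-purpose flags = encrypted
                reasons.append(f"{member}: encrypted member cannot be inspected")
            elif info.file_size > MAX_MEMBER_BYTES:
                reasons.append(f"{member}: declared size {info.file_size} exceeds cap")
            else:
                reasons.extend(check_attachment(member, archive.read(info), depth + 1))
    return reasons


def build_sample_zip(inner_name: str, payload: bytes) -> bytes:
    """Constructed sample attachment: a ZIP holding one member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(inner_name, payload)
    return buf.getvalue()


if __name__ == "__main__":
    lure = build_sample_zip("Invoice_2015.pdf.scr", b"MZ constructed, not a real binary")
    for reason in check_attachment("Invoice.zip", lure):
        print("BLOCK:", reason)
    print("benign:", check_attachment("report.zip", build_sample_zip("report.pdf", b"%PDF-1.4")))
```

The check works on names and archive structure only; a gateway would pair it with content inspection (magic bytes, AV scan) because a renamed executable inside a non-archive wrapper, or a member the gateway cannot decrypt, is exactly what this rule falls back to blocking rather than guessing about.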


Rombertik is a complex piece of malware with several layers of obfuscation and anti-analysis functionality that is ultimately designed to steal user data. Good security practices can go a long way when it comes to protecting users: make sure anti-virus software is installed and kept up to date, do not open attachments from unknown senders, and enforce robust email security policies (such as blocking executable attachment types, including those packed inside archives). Because the destructive payload overwrites the MBR rather than damaging the hardware, a recent image backup kept offline turns an infection into a restore rather than a loss.
Cisco TALOS group report
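Rombertik’s destructive step overwrites the MBR, the first 512-byte sector of the disk, which holds the boot code, the four-entry partition table and the 0x55AA signature; without them the firmware has nothing to hand off to and the machine loops. The following added example (mine, not from the article or the Talos report) parses an MBR and compares a sector against a SHA-256 fingerprint recorded while the machine was healthy, so a scheduled check can tell an intact sector from a wiped or replaced one before the next reboot reveals it. The sample sector is constructed; on a real BIOS/MBR Windows host the bytes come from reading the first 512 bytes of `\\.\PhysicalDrive0` as Administrator, which the code does not do.

```python
r"""Parse and fingerprint a Master Boot Record (MBR).

Added example for illustration (not from the article or the Talos report).
The sample sector is constructed inline. On a real BIOS/MBR Windows host the
512 bytes come from the raw device, e.g. open(r"\\.\PhysicalDrive0", "rb"),
which requires administrator rights; that read is not performed here.
"""
import hashlib
import struct
from dataclasses import dataclass

SECTOR_SIZE = 512
PARTITION_TABLE_OFFSET = 446          # 446 bytes of boot code precede the table
ENTRY_FORMAT = "<B3sB3sII"            # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIGNATURE = b"\x55\xaa"          # last two bytes of every valid MBR


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int


def parse_mbr(sector: bytes) -> list[Partition]:
    """Return the in-use partition entries, or raise ValueError if this is not a valid MBR."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("0x55AA boot signature missing: sector is blank or overwritten")
    partitions = []
    for i in range(4):
        status, _, type_id, _, lba, count = struct.unpack_from(
            ENTRY_FORMAT, sector, PARTITION_TABLE_OFFSET + 16 * i)
        if type_id == 0:
            continue                                   # empty slot
        partitions.append(Partition(i, status == 0x80, type_id, lba, count))
    return partitions


def fingerprint(sector: bytes) -> str:
    """SHA-256 of the whole sector, recorded once while the machine is known good."""
    return hashlib.sha256(sector).hexdigest()


def mbr_status(sector: bytes, known_good: str) -> str:
    """Compare the current sector with the recorded fingerprint.

    'intact'    : byte-for-byte what was recorded
    'destroyed' : no longer a parseable MBR (wiped or overwritten); restore from backup
    'modified'  : still a valid MBR but not the recorded one (repartitioned, or boot code replaced)
    """
    if fingerprint(sector) == known_good:
        return "intact"
    try:
        parse_mbr(sector)
    except ValueError:
        return "destroyed"
    return "modified"


def build_sample_mbr() -> bytes:
    """Constructed sample: placeholder boot code, one bootable NTFS partition at LBA 2048, signature."""
    boot_code = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (PARTITION_TABLE_OFFSET - 8)
    ntfs = struct.pack(ENTRY_FORMAT, 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    table = ntfs + b"\x00" * (16 * 3)
    return boot_code + table + BOOT_SIGNATURE


if __name__ == "__main__":
    healthy = build_sample_mbr()
    recorded = fingerprint(healthy)          # store this somewhere the malware cannot reach
    for p in parse_mbr(healthy):
        print(f"partition {p.index}: type 0x{p.type_id:02x}, LBA {p.lba_start}, "
              f"{p.sector_count} sectors, bootable={p.bootable}")
    print("healthy :", mbr_status(healthy, recorded))
    print("wiped   :", mbr_status(b"\x00" * SECTOR_SIZE, recorded))
```

Keep the recorded fingerprint (and, better, a copy of the whole sector) off the machine; malware that can write sector 0 can also overwrite a fingerprint file on the same disk. A "modified" result is not automatically malicious (Windows updates and repartitioning legitimately change the sector), so re-record the fingerprint after any known boot-configuration change.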


15 thoughts on “Malware Destroys PCs When Detected”

  1. Just to add, make the Windows image copy on a DVD using the Windows backup/recovery programs. You should make some restore points periodically anyhow using Windows programs (go into Control Panel and you'll find it).

  2. Make sure you have an image copy of your O/S on a DVD. Just do it. Don't think about it. Just do it.

    Then, download a small Linux O/S (Puppy, Mint, Lubuntu etc.) onto a USB and just boot off that for browsing. So you're using the hardware but not Windows.

    You can still use your cloud drive resources which for most stuff is fine and is where all your docs should be anyhow.

    You can use external drives (for photos, for example), but just use Windows for when you really have to, e.g. for certain Windows programs. Bet you stop using Windows within a year.

    If anything gets infected on the USB O/S (unlikely on Linux anyhow), then you just wipe the USB and re-download it as you did in the beginning.
    Simples.

  3. You can fix MBRs – search YouTube. It varies between EFI and traditional MBR disk installs. But you may struggle and have to re-install.

    But always have an image backup of your O/S, either on a USB or, cheaper, on a DVD.
    All your docs should be in the cloud (Dropbox, Google Drive etc.), and back up your photos onto an external drive.

    Remember TestDisk and other tools may allow you to copy off data, but don’t rely on it.

    Problem with Windows is their recovery methods aren’t great if the PC won’t boot. You really have to have the image copy.

    Can we have stricter jail terms for virus writers? E.g. 10 years min.? And some tracking-down resources?

  4. If you have anti-virus on it now, and it's a name anti-virus, you're probably OK. If not, get a good anti-virus, remove the current one and install your new one. Then you know for sure you have good anti-virus.

  5. Arizona Marek: F11 varies based on computer manufacturer and model. If you can get it to boot from a CD or USB rescue media made with your backup program, you can likely restore it just fine.

  6. Um… for the average consumer user maybe, but with an Enterprise client/customer base and endpoints, and with Symantec Endpoint Protection (SEP) 12.1.x fully armed with ALL Protection Technologies (AV/AS with advanced Application and Device Control (ADC), SONAR, Download Insight, Network Threat Protection (NTP) (Firewall and Intrusion Prevention)) enabled and deployed, I confidently say CHECKMATE. http://www.symantec.com/security_response/writeup.jsp?docid=2015-050517-4726-99

  7. So let's make this clear: malware destroys?????? Speak clearly… You have me confused as to whether to download it or not!!!!

  8. To be clear, this malware does not "destroy" the PC. That was added to the headline here; the full article is correct: it effectively erases the hard drive only. Restoring from an image backup taken prior to the infection will fix you right up. Many people read "destroy" as physical destruction, which in this case is simply wrong.

  9. Let’s be clear: it does NOT “destroy your PC”.

    Many people read that to mean physical destruction, and that’s simply not the case. The malware simply destroys the *contents* of the hard drive or computer. Restoring to the most recent image backup, of course, fixes this right up.
