Rombertik Malware Can Overwrite MBR if Audited

A new strain of spyware that logs keystrokes and steals data has a destructive side to it, unleashing wiper capabilities if it detects it’s being analyzed and audited.

A limited number of samples of the malware, dubbed Rombertik by researchers at Cisco Talos, were spotted at the start of the year. That relatively small number indicates it could have been used in targeted attacks at the outset, but Craig Williams, security outreach manager at Cisco, said attacks are more widespread now, and are not focused on any particular vertical or geographic location.

“It sounds cliché, but this is really a digital arms race and we’re seeing the next evolution of it here,” Williams said. “They’re no longer content with detect-and-shut-down, now if malware realizes it’s being audited, the binary will destroy the system. It’s a simple case of attackers trying to dissuade researchers from going after a sample.”
