Security experts are warning of newly discovered information-stealing malware designed to render the victim’s machine useless by destroying its master boot record if it believes it’s being analyzed by security tools.
Rombertik is a complex piece of malware designed to steal information from a user’s browser in a similar way to banking trojan Dyre, according to Cisco. It typically propagates via spam and phishing emails, using social engineering to trick the user into opening a malicious attachment.
However, it features “several layers of obfuscation along with anti-analysis functionality” designed to foil security researchers, the vendor said in a blog post.
The first is to include a large volume of “garbage code” – 97% in fact – designed to make the packed file appear legitimate and “overwhelm analysts by making it impossible to look at every function.”
It also tries to evade sandboxing – attempting to delay execution by writing a byte of random data to memory 960 million times.
This article has been extracted from http://www.infosecurity-magazine.com, please click on this link to read the article in full http://www.infosecurity-magazine.com/news/rombertik-malware-destroys-hard/
Montash is a multi-award winning global technology recruitment business. Specialising in permanent and contract positions across mid-senior appointments across a wide range of industry sectors and IT functions, including:
ERP Recruitment, BI & Data Recruitment, Information Security Recruitment, IT Architecture & Strategy Recruitment , Energy Technology Recruitment, Demand IT and Business Engagement Recruitment, Digital and E-commerce Recruitment, Leadership Talent, Infrastructure and Service Delivery Recruitment, Project and Programme Delivery Recruitment.
Montash is headquartered in Old Street, London, in the heart of the technology hub. Montash has completed assignments in over 30 countries and has appointed technical professionals from board level to senior and mid management in permanent and contract roles.