{"id":9453,"date":"2015-05-05T10:23:17","date_gmt":"2015-05-05T14:23:17","guid":{"rendered":"http:\/\/thundercloud.net\/infoave\/new\/?p=9453"},"modified":"2015-05-05T10:23:17","modified_gmt":"2015-05-05T14:23:17","slug":"self-destructing-virus-kills-off-pcs","status":"publish","type":"post","link":"https:\/\/www.thundercloud.net\/infoave\/new\/self-destructing-virus-kills-off-pcs\/","title":{"rendered":"Self-destructing virus kills off PCs"},"content":{"rendered":"<h1 class=\"story-body__h1\">Self-destructing virus kills off PCs<\/h1>\n<p><span style=\"text-decoration: underline;\"><a href=\"http:\/\/www.bbc.com\/news\/technology-32591265\" target=\"_blank\">From BBC Technology<\/a><\/span><\/p>\n<div class=\"story-body__inner\">\n<blockquote>\n<figure class=\"media-landscape full-width has-caption lead\"><img loading=\"lazy\" decoding=\"async\" class=\"js-image-replace\" src=\"http:\/\/ichef.bbci.co.uk\/news\/660\/media\/images\/82777000\/jpg\/_82777974_004012361-1.jpg\" alt=\"Computer hard disk\" width=\"512\" height=\"288\" \/><figcaption class=\"media-caption\"><span class=\"media-caption__text\">The malware also tries to fool security tools by flooding hard drives with data<\/span><\/figcaption><\/figure>\n<p class=\"story-body__introduction\">A computer virus that tries to avoid detection by making the machine it infects unusable has been found.<\/p>\n<p>If Rombertik&#8217;s evasion techniques are triggered, it deletes key files on a computer, making it constantly restart.<\/p>\n<p><a class=\"story-body__link-external\" href=\"http:\/\/blogs.cisco.com\/security\/talos\/rombertik\">Analysts said Rombertik<\/a> was &#8220;unique&#8221; among malware samples for resisting capture so aggressively.<\/p>\n<p>On Windows machines where it goes unnoticed, the malware steals login data and other confidential information.<\/p>\n<h2 class=\"story-body__crosshead\">Endless loop<\/h2>\n<p>Rombertik typically infected a vulnerable machine after a booby-trapped attachment on a phishing message had been opened, security researchers Ben Baker and Alex Chiu, from Cisco, said <a class=\"story-body__link-external\" href=\"http:\/\/blogs.cisco.com\/security\/talos\/rombertik\">in a blogpost<\/a>.<\/p>\n<p>Some of the messages Rombertik travels with pose as business enquiry letters from Microsoft.<\/p>\n<p>The malware &#8220;indiscriminately&#8221; stole data entered by victims on any website, the researchers said.<\/p>\n<p>And it got even nastier when it spotted someone was trying to understand how it worked.<\/p>\n<p>&#8220;Rombertik is unique in that it actively attempts to destroy the computer if it detects certain attributes associated with malware analysis,&#8221; the researchers said.<\/p>\n<p>The malware regularly carries out internal checks to see if it is under analysis.<\/p>\n<p>If it believes it is, it will attempt to delete an essential Windows system file called the Master Boot Record (MBR).<\/p>\n<p>It will then restart the machine which, because the MBR is missing, will go into an endless restart loop.<\/p>\n<p>The code replacing the MBR makes the machine print out a message mocking attempts to analyse it.<\/p>\n<p>Restoring a PC with its MBR deleted involves reinstalling Windows, which could mean important data is lost.<\/p>\n<p>Rombertik also uses other tricks to foil analysis.<\/p>\n<p>One involves writing a byte of data to memory 960 million times to overwhelm analysis tools that try to spot malware by logging system activity.<\/p>\n<p>Security expert Graham Cluley said destructive viruses such as Rombertik were quite rare.<\/p>\n<p>&#8220;It&#8217;s not the norm,&#8221; he said.<\/p>\n<p>&#8220;That&#8217;s because malware these days doesn&#8217;t want to draw attention to itself, as that works against its typical goal &#8211; to lie in wait, stealing information for a long time.&#8221;<\/p><\/blockquote>\n<p><strong><span style=\"text-decoration: underline;\"><a href=\"http:\/\/www.bbc.com\/news\/technology-32591265\" target=\"_blank\">Source: BBC Technology<\/a><\/span><\/strong><\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Self-destructing virus kills off PCs From BBC Technology The malware also tries to fool security tools by flooding hard drives with data A computer virus that tries to avoid detection by making the machine it infects unusable has been found. If Rombertik&#8217;s evasion techniques are triggered, it deletes key files on a computer, making it constantly restart. Analysts\u2026 <span class=\"read-more\"><a href=\"https:\/\/www.thundercloud.net\/infoave\/new\/self-destructing-virus-kills-off-pcs\/\">Read More &raquo;<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1433,1669,1426,1656,1674],"tags":[],"_links":{"self":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/9453"}],"collection":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/comments?post=9453"}],"version-history":[{"count":1,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/9453\/revisions"}],"predecessor-version":[{"id":9454,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/9453\/revisions\/9454"}],"wp:attachment":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/media?parent=9453"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/categories?post=9453"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/tags?post=9453"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}