June 29, 2015

Cybersecurity experts have come up with a new self-destructive virus, Rombertik, which is remarkably inimitable with respect to its functionality and perplexity. Identified by Cisco’s Talos Security Intelligence and Research Group, the deadly virus has been designed to decode any text entered into the user’s internet browser. It aims at stealing user names, passwords, bank account details, credit card codes and other sensitive information. Also known as the ‘suicide virus’, Rombertik attempts to destroy the infected computer if it gets detected.

How Does Rombertik Work?   

Rombertik mainly targets a user’s computer through spam emails. When a user downloads the attachment files that accompany these emails, the virus installs itself on the device. Initially, Rombertik performs some checks to confirm it is not running inside the sandbox, after which it starts with its execution. What makes Rombertik different from other malware is its bloated file size. As stated by Talos, the unpacked version of Rombertik is merely 28 KB whereas the packed file is more than 1 MB. This implies that almost 97 percent of the data in packed version is included just to make the file look legitimate.

The malware Rombertik is self-aware, meaning that it recognizes if the user tries to dismiss it with anti-virus software. In an attempt to avoid detection, the virus starts to destroy itself along with the computer’s Master Boot Record (MBR), rendering it unusable.

How Does Rombertik Remain Undetected?

  • The huge amount of junk elements contained in the executable file of Rombertik is never utilized by the malware. This inflates the volume of the file, which needs to be analyzed and studied by the cyber experts, thus, adjourning the virus identification process.
  • The virus overwrites a single byte of random data 960 million times on the computer memory. This is done to deceive sandbox to take Rombertik to be an authentic program. It leads to extending the data log over 100 GB, thus, complicating the investigation and detection of the malware.

How To Protect Against Rombertik?

  • One should not download attachments in emails from unknown sources.
  • Anti-virus software should be updated to block the malware in the first place.
  • Set up email security settings and block downloading of certain types of attachments.

Cyber security professionals recommend that users should constantly update their system’s security software and keep a backup of all the important data to minimize the effects of getting the system infected with Rombertik.