Cisco warns of malware Rombertik: MBR at risk

Cisco has issued an alert about a new piece of malware found on the web that can encrypt your data and damage the Master Boot Record.

The threat, called Rombertik, was discovered by Cisco's Talos Group, the elite research team of the American multinational that specializes in the study and analysis of advanced threats. Researchers Ben Baker and Alex Chiu isolated the new malware and subsequently described it in an article (found here: http://blogs.cisco.com/security/talos/rombertik). The threat propagates through spam and phishing e-mail, with the aim of stealing information from the infected PC.

Having made clear that the infection spreads primarily through social engineering, Rombertik, once on the PC, tends to disguise itself so as to become difficult for analysts to examine. The file, of significant size (about 1.2 MB), is made up of 97% unnecessary code, put there only to divert the attention of any malware researcher. The malware's code stream is written specifically to make extraction of the real payload slow and laborious; the payload itself is actually much smaller, about 30 KB of executable code.

An illustration of the step-by-step process Rombertik follows to compromise the target system. - Image from TALOS

Once it has infected the PC, the malware hooks into the major browsers (Internet Explorer, Chrome, Firefox) to steal information: login credentials and personal data from Internet connections, including those protected by SSL, and sends it to the command and control server located at the web address centozos.org.in.

The most dangerous part of this malware is its self-defense capability: if it "discovers" that it is being analyzed, it triggers a destructive mechanism against the infected PC, trying to completely erase the partition table of the Master Boot Record (MBR) and encrypting all files in the infected user's home directory.
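As an added example (not code from the Talos write-up or this article), the following Python checks a 512-byte MBR sector for the kind of damage described above: a missing boot signature or a partition table whose four entries have all been zeroed. The sample sector is constructed inline; the `check_image` helper is an assumed convenience for reading the first sector of a disk image or block device.

```python
import struct

MBR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"
PARTITION_TABLE_OFFSET = 446
# One partition entry: status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
ENTRY_FMT = "<B3xB3xII"


def parse_partition_table(sector: bytes) -> list:
    """Parse the four 16-byte partition entries at offset 446 of an MBR sector."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR sector must be exactly 512 bytes")
    entries = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            ENTRY_FMT, sector, PARTITION_TABLE_OFFSET + 16 * i)
        entries.append({"status": status, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def check_mbr(sector: bytes) -> tuple:
    """Return (ok, reasons). ok is False when the sector lacks the 0x55AA boot
    signature or when every partition entry is zeroed (an erased partition table)."""
    reasons = []
    if sector[510:512] != BOOT_SIGNATURE:
        reasons.append("boot signature 0x55AA missing")
    entries = parse_partition_table(sector)
    if all(e["type"] == 0 and e["sectors"] == 0 for e in entries):
        reasons.append("partition table is empty (all four entries zeroed)")
    return (not reasons, reasons)


def check_image(path: str) -> tuple:
    """Assumed helper: read the first sector of a disk image or device and check it."""
    with open(path, "rb") as fh:
        return check_mbr(fh.read(MBR_SIZE))


def make_sample_mbr(wiped: bool = False) -> bytes:
    """Constructed sample: one active NTFS (type 0x07) partition at LBA 2048.
    With wiped=True the partition table is zeroed but the signature is kept,
    mimicking a sector whose table has been erased."""
    sector = bytearray(MBR_SIZE)
    if not wiped:
        struct.pack_into(ENTRY_FMT, sector, PARTITION_TABLE_OFFSET,
                         0x80, 0x07, 2048, 1048576)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)
```

Comparing the sector against a baseline hash taken at install time catches subtler changes than this structural check alone.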
