Unlike most computer viruses, Rombertik is able to evade detection and can even render the infected device inaccessible. This "unique" virus resists detection very well and, when it is detected, begins to erase files from the computer. When its evasion mechanism is triggered, the virus causes the computer to restart continuously in a loop. This malware is also able to steal users' login details as well as other sensitive data.
Check out Computer Repairs Nudgee: we have the expertise to identify all forms of malware, such as computer worms, ransomware, hijackware, spam, dialers, annoying pop-ups, trojan horses, rootkits, keyloggers, adware, spyware and even malicious Browser Helper Objects (BHOs).
If Rombertik avoids detection in the first stages, it installs itself into the AppData or startup folders. It then replaces itself with an unpacked executable. Once integrated into the system, the virus continually checks itself against the "unpacked version."
Although Rombertik is not able to completely wipe the affected system, it will erase the partition section of the hard disk, the Master Boot Record (MBR), and force the system to reboot when it detects interference.
If any changes that would erase or quarantine the file occur, Rombertik attempts to attack the MBR and places the system into a restart loop. If that attempt fails, Rombertik will attempt to decrypt files stored inside the Home folder.
The virus's elusive nature was discovered by researchers of the Cisco-led Talos Security Intelligence and Research Group. Rombertik includes "multiple levels of opaqueness, as well as anti-analysis features."
If a user clicks an attachment in a malicious email, the self-destructing virus installs itself on the computer in question.
What can we do to protect ourselves from Rombertik?
Keep your anti-virus software up to date.
Be wary of clicking on email attachments sent by unknown persons.
Be aware of e-mail security rules: block certain kinds of attachments.
"Rombertik is known to spread via spam and phishing messages sent to potential users … At the highest scale, Rombertik is a complex piece of malware created to get into the user's browser to access the user's credentials and other personal information to be transferred to an attacker-controlled server."
The Rombertik executable is packed with a huge quantity of "garbage code" that the malware never uses. This increases the amount of code analysts have to review and analyze, and causes confusion during identification.
The malware can also write one byte of random data to memory more than 960 million times. This trick can fool sandboxes into believing the malware is an ordinary program. It can bloat the sandbox's data log to nearly 100GB, a long process that makes investigation and detection of the malware difficult.
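The two sandbox-side behaviours described above (the single-byte write flood that bloats the trace log, and the raw write to the MBR) can both be caught with a small trace triage pass. The following is an added example, not code from the article or from Talos; the API names, the event format and the loop threshold are assumptions, and the trace is constructed with 5000 writes standing in for the 960 million the article cites.

```python
# Added example: triage of a constructed sandbox API trace shaped like the
# behaviour the article describes (single-byte write flood, then MBR write).
# Event and API names are assumptions, not a real sandbox's log format.

# Constructed trace: 5000 writes stand in for the ~960 million cited above.
TRACE = (
    [("NtAllocateVirtualMemory", ("0x00400000", "4096"))]
    + [("WriteByte", ("0x00400000", "random"))] * 5000
    + [("CreateFileW", ("\\\\.\\PhysicalDrive0", "GENERIC_WRITE"))]
    + [("WriteFile", ("\\\\.\\PhysicalDrive0", "offset=0", "len=512"))]
)

LOOP_THRESHOLD = 1000  # assumed tuning value: more repeats than this is suspicious


def collapse_trace(events):
    """Run-length encode consecutive identical events, so a 960M-iteration
    write loop is stored as one record plus a counter instead of ~100GB."""
    collapsed = []
    for event in events:
        if collapsed and collapsed[-1][0] == event:
            collapsed[-1][1] += 1
        else:
            collapsed.append([event, 1])
    return [(event, count) for event, count in collapsed]


def is_mbr_write(api, args):
    """True for a WriteFile to offset 0 of a raw physical-drive handle,
    i.e. an overwrite of the Master Boot Record sector."""
    return (api == "WriteFile"
            and args[0].lower().startswith("\\\\.\\physicaldrive")
            and "offset=0" in args)


def analyze(events, loop_threshold=LOOP_THRESHOLD):
    """Return (collapsed_trace, findings); findings are human-readable flags."""
    collapsed = collapse_trace(events)
    findings = []
    for (api, args), count in collapsed:
        if count >= loop_threshold:
            findings.append(f"log-flood: {api} repeated {count} times")
        if is_mbr_write(api, args):
            findings.append(f"mbr-write: raw write to sector 0 of {args[0]}")
    return collapsed, findings


if __name__ == "__main__":
    collapsed, findings = analyze(TRACE)
    print(f"{len(TRACE)} events collapsed to {len(collapsed)} records")
    print("\n".join(findings))
```

Storing the trace in collapsed form keeps the log bounded regardless of how many iterations the flood runs, while the repeat counter itself becomes the detection signal.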