Providing Free and Editor Tested Software Downloads
< HOME | TUTORIALS | GEEK-CADE| WEB TOOLS | YOUTUBE | NEWSLETTER | DEALS! | FORUMS | >

MajorGeeks.com - It's all Geek to me.

Software Categories

All In One Tweaks
Android
Antivirus & Malware
Appearance
Back Up
Browsers
CD\DVD\Blu-Ray
Covert Ops
Drivers
Drives (SSD, HDD, USB)
Games
Graphics & Photos
Internet Tools
Linux Distros
MajorGeeks Windows Tweaks
Multimedia
Networking
Office & Productivity
System Tools

Other news

· How To and Tutorials
· Life Hacks and Reviews
· Way Off Base
· MajorGeeks Deals
· News
· Off Base
· Reviews




spread the word

· YouTube
· Facebook
· Instagram
· Twitter
· Pintrest
· RSS/XML Feeds
· News Blur
· Yahoo
· Symbaloo

about

· Top Freeware Picks
· Malware Removal
· Geektionary
· Useful Links
· About Us
· Copyright
· Privacy
· Terms of Service
· How to Uninstall

top downloads

1. GS Auto Clicker
2. Smart Defrag
3. Macrium Reflect FREE Edition
4. Sergei Strelec's WinPE
5. MusicBee
6. Visual C++ Redistributable Runtimes AIO Repack
7. ImgBurn
8. K-Lite Mega Codec Pack
9. Unlocker
10. FlyOobe / Flyby11
More >>

top reads

Star 8 Windows Shortcuts That’ll Make You More Productive and Save You Time

Star Windows 10 Not Dead Yet - You Can Still Get Updates For Free

Star What is a '400 Bad Request - Request Header or Cookie Too Large' Error and How to Fix It

Star How to Fix Windows Install Error 0xC1900101

Star How to Force Enable Windows 10 Extended Security Updates If The Option Is Not Showing

Star Windows 11 25H2 is Out: What’s New and How to Get It Now.

Star Star Trek Fleet Command Promo Codes: Redeem Codes for Free Shards, Blueprints And Resources

Star Boost Your PC Speed with ReadyBoost: How a Thumb Drive Can Enhance Your System's Performance

Star 5 Hidden Windows Tools You’ve Had All Along But Never Use

Star Use the Windows 10 Media Creation Tool Before Support Ends For Windows 10 in 2025


MajorGeeks.Com » News » May 2015 » New malware destroys hard drives

New malware destroys hard drives


Posted by: Timothy Weaver on 05/06/2015 08:15 AM [ comments Comments ]


Rombertik, as the malware has been dubbed, is a new piece of malware that effectively avoids detection and has the ability to destroy the hard drive to avoid detection.

In cases where the main yfoye.exe component detects the malware is under the microscope of a security researcher or rival malware writer, Rombertik will self-destruct, taking along with it the contents of a victim's hard drive.

In a blog post published Monday, Talos researchers Ben Baker and Alex Chiu wrote:

Once the unpacked version of Rombertik within the second copy of yfoye.exe begins executing, one last anti-analysis function is run — which turns out to be particularly nasty if the check fails. The function computes a 32-bit hash of a resource in memory, and compares it to the PE Compile Timestamp of the unpacked sample. If the resource or compile time has been altered, the malware acts destructively. It first attempts to overwrite the Master Boot Record (MBR) of PhysicalDisk0, which renders the computer inoperable. If the malware does not have permissions to overwrite the MBR, it will instead destroy all files in the user’s home folder (e.g. C:\Documents and Settings\Administrator\) by encrypting each file with a randomly generated RC4 key. After the MBR is overwritten, or the home folder has been encrypted, the computer is restarted.

The Master Boot Record starts with code that is executed before the Operating System. The overwritten MBR contains code to print out “Carbon crack attempt, failed”, then enters an infinite loop preventing the system from continuing to boot.

Effectively, Rombertik begins to behave like a wiper malware sample, trashing the user’s computer if it detects it’s being analyzed. While Talos has observed anti-analysis and anti-debugging techniques in malware samples in the past, Rombertik is unique in that it actively attempts to destroy the computer if it detects certain attributes associated with malware analysis.

Source: Arstechnica


« New on MajorGeeks: Super Mario Bros. In First Person · New malware destroys hard drives · Fiesta malware delivers ransomware »




Comments
comments powered by Disqus

MajorGeeks.Com » News » May 2015 » New malware destroys hard drives

© 2000-2025 MajorGeeks.com
Powered by Contentteller® Business Edition