A new computer virus that tries to avoid detection by making the machine it infects unusable was discovered this week.
Dubbed ‘Rombertik’, it senses if you’re trying to detect it, triggering evasion techniques that delete key files on a computer, making it constantly restart.
Analysts said the virus is unique among malware samples for resisting capture so aggressively. The virus steals login data and other confidential information.
Rombertik typically infects a vulnerable machine after a booby-trapped attachment on an email message has been opened, security researchers Ben Baker and Alex Chiu, from Cisco, said in a blog posting.
Many of the messages Rombertik travels with pose as business enquiry letters from Microsoft.
The malware also “indiscriminately” steals data entered by victims on any website, the researchers said.
But it gets even nastier when it spots someone trying to understand how it works.
“Rombertik is unique in that it actively attempts to destroy the computer if it detects certain attributes associated with malware analysis,” the researchers said.
The malware regularly carries out internal checks to see if it is under analysis.
If it believes it is, it will attempt to delete an essential Windows system file called the Master Boot Record (MBR). The code replacing the MBR makes the machine print out a message mocking attempts to analyse it.
It will then restart the machine which, because the MBR is missing, will go into an endless restart loop.
The way to restore a PC with its MBR deleted is to reinstall Windows, but that likely means important data is lost.
Rombertik also uses other tricks to foil analysis but is regarded as a rather crude piece of spyware.
More sophisticated malware does everything it can to remain silent, so it can harvest information over a long period of time. By taking such aggressive measures to prevent analysis, the virus has drawn attention to itself and made itself an easy target for security firms to hunt and kill.
The destructive nature of the virus highlights a trend towards hacking attacks that destroy systems. 2014's attack on Sony Pictures saw a similar destructive bent, where hackers no longer just steal information but actually physically damage systems and delete data in order to cause chaos.
The pattern shows that many different players, from militaries to intelligence agencies to fraudsters and cyber-vandals, are now involved in creating computer viruses.