Rombertik
Posted: May 8, 2015
| Field | Value |
|---|---|
| Threat Level | 9/10 |
| Infected PCs | 82 |
| First Seen | May 11, 2015 |
| OS(es) Affected | Windows |
Rombertik is spyware whose primary payload is conventional: it passively captures data typed into Web browser forms, such as passwords for online accounts. What sets it apart is an unusually elaborate set of defenses against analysis by security researchers, including a destructive routine that, when triggered, overwrites the disk's Master Boot Record so the machine no longer boots. Because of that destructive behavior, the emphasis should be on preventing infection in the first place; a current anti-malware product should still be able to remove Rombertik if it is found on a system.
The Trojan Protecting Itself so You can't Protect Your PC
Rombertik was documented by Cisco's Talos security research group. Its phishing campaign relied on e-mail attachments disguised as harmless documents; opening the attachment installed Rombertik. Before launching its main attack, however, Rombertik runs through a series of self-defensive checks, several of which are of particular concern to malware analysts.
First, Rombertik writes a random byte to memory over and over (roughly 960 million times, according to Cisco's analysis). On a real PC this costs a few seconds; in a sandbox that logs every memory write it produces enormous log files and exhausts the analysis time budget. Rombertik also makes several deliberately invalid Windows API calls: a real system returns an error, while some sandbox emulators return success for calls they do not implement, which reveals the analysis environment. If its checks indicate that it is being analyzed or that its own code has been tampered with (Cisco's analysis traces the destructive path to a final integrity check Rombertik performs on its unpacked code, rather than to virtual-machine detection alone), Rombertik attempts to overwrite the Master Boot Record of the first physical disk, which prevents the operating system from starting the next time the machine boots. If it lacks the privileges to write to the disk, it falls back to encrypting the files in the user's profile folder (Documents and Settings) with a randomly generated key that it does not save or ransom, so the files are effectively lost. Cisco's researchers also found that most of the unpacked file consists of junk: unused images and functions that are never called, included as false leads to waste an analyst's time and confuse automated tools.
If none of these checks trips, Rombertik unpacks its primary executable and launches the spyware payload. That payload is a typical form grabber: it hooks the browser and reads the contents of Web forms as you type them, inside the browser process and before TLS encrypts the data for transmission. HTTPS therefore offers no protection against it. Passwords, account usernames, and credit card numbers are examples of data Rombertik can collect without any visible symptoms.
Stopping the Rombertik Ticking Bomb
The complexity of Rombertik's defenses makes it exceptionally difficult to analyze and, in automated sandboxes, to detect. Any anti-malware tools used to check for a Rombertik infection should be fully patched and running the latest threat databases. The MBR overwrite only takes effect at the next boot, so a host suspected of infection should not be restarted until the boot sector has been backed up or imaged; once the machine has rebooted on a wiped MBR, recovery of the system is extremely difficult, if not impossible. Preemptive security that blocks the infection is therefore even more important than it is for most spyware. PC users should be especially wary of e-mail attachments and the other common infection vectors that security products are designed to catch.
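One check worth scripting for the situation described above: before rebooting a suspect host, dump its first sector and verify that the MBR is structurally sound and that its bootstrap code still matches a hash taken while the machine was healthy. The following is an added example, not code from the original page or from Cisco Talos' analysis. The sectors it examines are constructed here, and the baseline hash is assumed to have been recorded earlier from the same host; reading the live sector from the disk is left out on purpose.

```python
"""MBR integrity check: parse a 512-byte boot sector, validate its layout, and
compare its bootstrap code with a baseline captured while the host was healthy.

Added example; not code from the original page or from Cisco Talos' analysis.
The sample sectors below are constructed. On a live Windows host the sector
would be read from the first physical drive (or from a forensic disk image);
that read is deliberately not performed here.
"""
import hashlib
import struct
from typing import Dict, List, Optional, Tuple

MBR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"      # bytes 510-511 of a bootable sector
PARTITION_TABLE_OFFSET = 446      # four 16-byte entries follow
# status, CHS start (3 bytes skipped), type, CHS end (3 bytes skipped), LBA start, sector count
PARTITION_ENTRY = "<B3xB3xII"


def parse_mbr(sector: bytes) -> Dict:
    """Split a sector into bootstrap code, disk signature, partition table and boot signature."""
    if len(sector) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        status, ptype, lba_start, count = struct.unpack(PARTITION_ENTRY, sector[off:off + 16])
        partitions.append({"status": status, "type": ptype, "lba_start": lba_start, "sectors": count})
    return {
        "bootstrap": sector[:440],        # code the BIOS executes; what an MBR wiper replaces
        "disk_signature": sector[440:444],
        "partitions": partitions,
        "boot_signature": sector[510:512],
    }


def check_mbr(sector: bytes, baseline_bootstrap_sha256: Optional[str] = None) -> List[str]:
    """Return findings for a suspect sector; an empty list means nothing anomalous was seen."""
    mbr = parse_mbr(sector)
    findings = []
    if mbr["boot_signature"] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing: BIOS will not boot this disk")
    has_partitions = any(p["type"] != 0 for p in mbr["partitions"])
    if not has_partitions:
        findings.append("partition table is empty")
    for p in mbr["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"invalid partition status byte 0x{p['status']:02x}")
    active = [p for p in mbr["partitions"] if p["status"] == 0x80]
    if has_partitions and len(active) != 1:
        findings.append(f"expected one active partition, found {len(active)}")
    # The structural checks pass for any well-formed sector, including one a wiper wrote
    # on purpose; only a comparison with an earlier baseline catches replaced boot code.
    if baseline_bootstrap_sha256 is not None:
        if hashlib.sha256(mbr["bootstrap"]).hexdigest() != baseline_bootstrap_sha256:
            findings.append("bootstrap code differs from baseline")
    return findings


def build_mbr(bootstrap: bytes, partitions: List[Tuple[int, int, int, int]]) -> bytes:
    """Assemble a sector from bootstrap bytes and (status, type, lba_start, sectors) tuples."""
    buf = bytearray(MBR_SIZE)
    code = bootstrap[:440]
    buf[:len(code)] = code
    buf[440:444] = b"\x12\x34\x56\x78"   # arbitrary NT disk signature (constructed)
    for i, entry in enumerate(partitions):
        off = PARTITION_TABLE_OFFSET + 16 * i
        buf[off:off + 16] = struct.pack(PARTITION_ENTRY, *entry)
    buf[510:512] = BOOT_SIGNATURE
    return bytes(buf)


# --- constructed samples (not real bootloaders) ---------------------------------
# Stand-in for the boot code captured from the host while healthy.
GOOD_BOOTSTRAP = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb" + b"\x90" * 431
BASELINE_SHA256 = hashlib.sha256(GOOD_BOOTSTRAP).hexdigest()
GOOD_MBR = build_mbr(GOOD_BOOTSTRAP, [(0x80, 0x07, 2048, 204800)])

# Boot code replaced by a stub that spins forever (jmp $), partition table left intact:
# structurally valid, so only the baseline comparison flags it.
REPLACED_MBR = build_mbr(b"\xeb\xfe" + b"boot code replaced (constructed)",
                         [(0x80, 0x07, 2048, 204800)])

# Whole sector zeroed: no signature, no partitions.
ZEROED_MBR = bytes(MBR_SIZE)

if __name__ == "__main__":
    for name, sector in (("good", GOOD_MBR), ("replaced", REPLACED_MBR), ("zeroed", ZEROED_MBR)):
        print(name, check_mbr(sector, BASELINE_SHA256) or "OK")
```

The point of keeping a baseline hash is visible in the second sample: a sector that merely contains different but well-formed boot code passes every structural test, and only the comparison against the earlier capture reports it. In practice the baseline belongs in your asset inventory, recorded when the machine is built or imaged, and the first sector should be backed up from any suspect host before it is allowed to restart.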
Rombertik's campaign also carries an incidental lesson. Some PC users run untrusted files inside sandboxes or Virtual Machines as a protective measure, but malware like Rombertik is built to detect those environments and to change its behavior when it does. Keeping up-to-date, multilayered security in place remains safer than assuming that any single strategy will defeat every form of threatening software.