Suicidal Virus Kills Computers
A self-destructing virus that kills PCs has been discovered.
The virus, known as Rombertik, attempts to avoid detection by making the machine it affects unusable. If the evasion techniques are triggered, it deletes key files on a computer, making it constantly restart.
Analysts have said Rombertik was "unique" among malware samples, for fighting capture so aggressively.
On windows machines, where the virus goes unnoticed, the malware steals login data and other confidential information.
In a blog post, security researchers Ben Baker and Alex Chiu from Cisco said the virus typically affected a vulnerable machine after a booby-trapped attachment had been opened from a phishing message.
Some of the messages Rombertik travels with pose as business enquiry letters from Microsoft.
The researchers said the malware "indiscriminately" stole data entered by victims on any website.
They added: "Rombertik is unique in that it actively attempts to destroy the computer if it detects certain attributes associated with malware analysis."
The malware regularly carries out internal checks to see if it is under analysis, and if the virus believes it is, it will attempt to delete an essential Windows system file called the Master Boot Record (MBR).
It will then restart the machine, and because the MBR is missing it will go into an endless restart loop.
The code which replaces the MBR forces the machine to print out a message mocking attempts to analyse it.
Other tricks that Rombertik uses to foil analysis is to write a byte of data to memory 960 million times to overwhelm analysis tools that try to spot this malware by logging system activity.
Security expert Graham Cluley believes a virus as destructive as Rombertik is quite rare.
He said: "It's not the norm. That's because malware these days doesn't want to draw attention to itself, as that works against its typical goal - to lie in wait, stealing information for a long time."
Return to internet news headlines
View Internet News Archive