Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Developers of Rombertik Stopping Its Illegal Use - Symantec

Earlier this month, Cisco reported that the Rombertik malware tries to destroy the master boot record (MBR) of infected devices to stop researchers from examining the threat. However, Symantec says that the feature is designed to stop the usage of Trojan illegally.

Symantec says that Rombertik is a new type of Trojan which is called Carbon Grabber (Infostealer.Retgate). This malware enables cybercriminals to steal information and gives them access to infected devices through backdoor.

The malware has many mechanisms of anti-analysis designed to stop researchers from running it in a sandbox but if someone tries to fiddle with it, the malware tries to overwrite the MBR of the device while encrypting files. However, Symantec believes that this damaging payload is not actually meant for researchers of the security firm.

Researchers believe that the feature is actually a trap for those who might try to use and adjust the malware without any authorization. When cybercriminals buy Rombertik from its author, they receive a copy which converses with their server of command and control (C&C) only and the address of the C&C implanted in the binary code.

For any new cybercriminals, who have succeeded in getting a copy of the malware and would like to use it without paying, they could identify C&C address with only some basic skills and try to change it to point to another selected address by only hacking the binary file itself.

However, if they were fool enough to do this, they would activate the damaging protection mechanism unknowingly. This is, may be, to project punishment for attempting to sabotage the malware.

Net-security.org published news on 18th May, 2015 quoting Dumitru Stama, a Researcher with Symantec, as saying: "It is exciting to find that this mechanism of protection can be ignored because of execution of error made by the developer of the malware".

Net-security.org published news on 18th May, 2015 stating that Raul Alvarez, a Researcher with Fortinet, also revealed that MBR wipe routine of Rombertik will not work on new versions of Windows because it does not have sufficient approval to do it.

However, it will attempt to overwrite files in the computer but will avoid files with following extensions: .exe,.dll, .drv. and .vxd.

ยป SPAMfighter News - 5/27/2015

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page