Well, no one here will get it, but cyber criminals have developed very sophisticated means of gathering identifying info,friends,interests of individuals who through social engineering may fall victim. "Destructive computer virus uncovered A computer virus that tries to avoid detection by making the machine it infects unusable has been found..." http://www.bbc.com/news/technology-32591265
So this destruction procedure is activated only if someone wants to analyze it? Trying to remove it probably wouldn't trigger self destruction, or would it?
My phone company wants you to keep your profile information current so they send you a email asking your email address and credit card number and your street address and state+country and provide links to fill in your information, to me this sounds like a phishing email with a payload of viruses...so I just ignore the email.
I don't think it's so much that this particular strain is a threat with the way it's spread (I honestly expect this is a PoC whose code will be for sale on some black market or another) but once others begin adding similar functions into new variants of malware it could start to be a real issue. With so much data to sift through it would take AV vendors even longer to catch up (and they're already behind to start with.) Add to that the wiping ability and I'd hate to have one this like end up on my machine via an ad exploit later down the line. ><
Repeat after anon and I "It gets installed when people click on attachments included in malicious e-mails." I know you guys are all aware of this but for the occasional visitor : "It gets installed when people click on attachments included in malicious e-mails." Like in West Side Story's "Maria"... I'll never stop saying ... OKAY
The Malwarebytes blog also discusses Rombertik: https://blog.malwarebytes.org/security-threat/2015/05/whats-important-about-rombertik
If you run this inside the sandbox with Sandboxie, it can't do any damage. If run outside the sandbox, a HIPS like SpyShelter should be able to block modification to the MBR. And normally, HMPA should be able to block the file modification part.
There is also a lot of FUD out there. I saw a BBC article that said if your MBR was wiped out the only solution was to resinstall windows. Apparently they have never heard of Imaging software or the windows repair disk. Geesh.
"It gets installed when people click on attachments included in malicious e-mails." I would take that with a pinch of salt, it is fallacy to suggest such a sophisticated piece of malware only attacks via email attachments. Email attachments are just one way of delivering executable code to a machine, there are countless other ways.
Rombertik's disk wiping mechanism is aimed at pirates, not researchers http://www.net-security.org/malware_news.php?id=3040
From Nigeria's emails through Nigeria's social engineering to Nigeria's advanced ransomware. Seems like pretty skilled hackers there, I wonder what comes next.
