Daily Bulletin

The Conversation

  • Written by The Conversation
Image: Rombertik takes the nuclear option rather than be found. Credit: National Nuclear Security Administration

In human culture and warfare, the notion of self-destructive attackers, like the Kamikaze pilots deployed during World War II, is pervasive. A more recent conflict is the cyber-war between those creating malware and the security firms and cyber-security specialists that attempt to thwart them. In this battle, the recently revealed Rombertik malware is an interesting evolution.

Rombertik is a complex malware form that’s capable of pulling the pin on a grenade and taking itself and the computer on which it resides down with it as it goes. Rombertik literally self-destructs on discovery, as a means of defending itself against detection. While it’s possible to detect, the malware makes it incredibly difficult to deploy any technological countermeasures.

Take no prisoners

Malware experts are struggling to learn the inner workings of this interesting adversary. Scanning for any opportunities possible, Rombertik will attach itself to a web browser and attempt to capture all the data passing through it. This means that nothing is safe: emails, passwords, personal details, which cat videos you watch – everything is up for grabs.

Worse is that if you attempt to analyse this nasty malware, Rombertik will deliberately attempt to corrupt the master boot record of your storage device, where crucial details such as the location of files on the disk and the layout of the disk’s partitions are stored. The result is that on the following reboot, the disk and everything on it will be useless until wiped and re-installed, removing all your data with it. It’s a pain, and while recovery isn’t out of the question, that’s an even bigger pain.
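What a damaged master boot record looks like to a checking tool is shown in the added example below, which is not part of the original article and is not derived from Rombertik itself. It parses a saved copy of a disk's first 512-byte sector using the standard MBR layout; the function names and both sample sectors are constructed for illustration.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446             # partition table follows 446 bytes of boot code
BOOT_SIGNATURE = b"\x55\xaa"   # last two bytes of a valid MBR


def check_mbr(sector: bytes) -> dict:
    """Parse a saved copy of disk sector 0 and list structural problems."""
    if len(sector) != SECTOR_SIZE:
        return {"partitions": [], "problems": ["sector is not 512 bytes"]}
    problems = []
    if sector[510:512] != BOOT_SIGNATURE:
        problems.append("boot signature 0x55AA missing")
    partitions = []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        if entry == bytes(16):
            continue  # unused slot
        # Layout: status, CHS start (3), type, CHS end (3), LBA start, sector count
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", entry)
        if status not in (0x00, 0x80):
            problems.append(f"entry {i}: invalid status byte 0x{status:02x}")
        if ptype == 0 or count == 0:
            problems.append(f"entry {i}: no partition type or zero length")
        partitions.append({"index": i, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba_start, "sectors": count})
    if not partitions:
        problems.append("partition table is empty")
    return {"partitions": partitions, "problems": problems}


def build_sample_mbr() -> bytes:
    """Constructed healthy sector: one bootable partition of type 0x07 (NTFS)."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    return bytes(TABLE_OFFSET) + entry + bytes(48) + BOOT_SIGNATURE


if __name__ == "__main__":
    healthy = build_sample_mbr()
    damaged = b"\xff" * SECTOR_SIZE   # constructed: sector overwritten with junk
    for name, image in (("healthy", healthy), ("damaged", damaged)):
        result = check_mbr(image)
        print(name, len(result["partitions"]), "partition(s)", result["problems"])
```

A known-good copy of sector 0 kept with your backups gives you something to compare against and restore from if the table is ever damaged.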

The war of attrition between those creating anti-virus software and those creating malware leads to a cycle of invention. Many malware families have included forms of defence – for example those that stop the user running the Windows task manager to kill the virus process, or detect and disable antivirus software, or prevent internet connections – but Rombertik’s approach is certainly an example of the nuclear option.

Rombertik spreads as an email worm, and can seemingly arrive from a legitimate source. It is very good at concealing itself in all manner of attachments, and is a very small application capable of hiding in a considerably larger payload, once it has embedded itself in your web browser. It’s able to infect Chrome, Firefox and Internet Explorer browsers.

When active, it uses various tricks to confuse some of the defences of the host operating system. Aimed solely at Microsoft Windows, this means anyone using Windows XP, 7, 8 and 8.1 and Internet Explorer should be concerned. While there’s a worldwide drop in the market share of Windows operating systems on the desktop, the statistics clearly show that there are hundreds of millions, if not billions, of Windows installations. Rombertik’s creators are still assured of a popular platform to attack.

What can you do

However, don’t panic. While there’s considerable hype about Rombertik, preventing yourself from becoming a victim is no more difficult than following the common-sense rules that apply to avoiding any other malware.

Ensure that you have anti-malware software, and ensure that it downloads the latest updates and anti-malware definitions – preferably set to do so automatically – and that it’s set to scan all incoming email. Many webmail services such as Gmail and Hotmail already do so. Nevertheless, don’t click on attachments in bizarre emails from unknown senders, nor on unexpected attachments from a trusted sender (this could be any file format). Treat unexpected mails with attachments as suspicious, and scan the file.

Rombertik’s suicide tactics are nothing new, and while the attack vector is aggressive, the solution is very old school.

Andrew Smith does not work for, consult to, own shares in or receive funding from any company or organisation that would benefit from this article, and has no relevant affiliations.

Authors: The Conversation

Read more http://theconversation.com/rombertik-kamikaze-virus-is-inventive-and-aggressive-but-its-not-the-end-of-the-world-41483
