Self-destructing virus kills off PCs

teoti ^ | 9:38 pm 05/05/2015 | tricpe

[Utilizer]

No word on how to protect from it or prevent it so far.

[Utilizer]

Ping.

[nickcarraway]

It’s called Windows?

[loungitude]

It’s called Windows?

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

No, It’s called Windows Marketing.

[tacticalogic]

Can it overwrite the MBR on a Safe Boot / UFEI machine?

[dayglored]

Nasty virus, no fix for it yet ... PING!

You can find all the Windows Ping list threads with FR search: search on keyword "windowspinglist".

Thanks to Utilizer for the ping!

[Utilizer]

More info:

Cisco researchers have identified a new malware sample, called Rombertik, that takes its detection evasion features one step further than the average cyber threat.

Instead of simply self-destructing when analysis tools are detected, Rombertik attempts to destroy the device’s master boot record (MBR), researchers wrote in a blog post.

This malware spreads through spam and phishing messages sent to possible victims.

In one example, attackers attempted to convince a user to download an attached document in an email. If downloaded and unzipped, a file that looks like a document thumbnail comes up. Although it mimics a PDF icon, it is actually a .SCR screensaver executable file containing the malware.

At this point Rombertik will first run anti-analysis checks to determine whether it is running within a sandbox. If it isn’t, it will then decrypt and install itself, which then allows it to launch a second copy of itself and to overwrite the second copy with the malware’s core functionality.

...

http://www.itnews.com.au/News/403620,new-malware-strain-destroys-master-boot-record-to-avoid-detection.aspx

[dayglored]

>> It’s called Windows?

> No, It’s called Windows Marketing.

Wow, tough crowd tonight... :-)

[dayglored]

DANG!!

[Billthedrill]

Restoring a PC with its MBR deleted involves reinstalling Windows, which could mean important data is lost.

No, it doesn't.

[Utilizer]

No word yet. It has just been detected and the coders are still examining it.

Best to have backups ready now just in case.

[dennisw]

If this happens you take the infected hard drive and install it as a slave (or non bootable) on a clean desktop computer. Pull off all necessary files you want to keep. Wipe clean the infected hard drive and reuse it

[dayglored]

>> Restoring a PC with its MBR deleted involves reinstalling Windows, which could mean important data is lost.

> No, it doesn't.

If all that's overwritten is the MBR itself, that can be reconstructed. Hell even old FDISK/MBR might do it.

But if the partition table got overwritten and it was anything other than trivial, the average user will be outta luck.

[jetson]

bing

[TonyM]

No doubt created by liberal democrats so Hillary can say that is what happened to all of her e-mails. Yeah, that’s the ticket, virus destroyed my e-mails, and Morgan Fairchild’s too.

[Billthedrill]

MBR wipers are a quarter century old. Restoring a partition table is trivial. This is ridiculous.

[tacticalogic]

If this happens you take the infected hard drive and install it as a slave (or non bootable) on a clean desktop computer. Pull off all necessary files you want to keep. Wipe clean the infected hard drive and reuse it

Done it many times when doing bare-metal upgrades. The downside is having to re-install all the software.

[Bratch]

Security expert Graham Cluley said destructive viruses such as Rombertik were quite rare.

So far.

[dayglored]

> MBR wipers are a quarter century old. Restoring a partition table is trivial. This is ridiculous.

I'm not going to argue with you. I WROTE partition table utilities in the 80's. You're right, it's trivial -- if you are a literate user who knows what a partition table is.

Most Windows users wouldn't know an MBR or partition table if it bit them on the ass.

And besides, these days, computers are using GUID partitioning. You gonna teach users how to use "parted"? Best of luck.

I'm not disagreeing that it's trivial in most cases. I'm saying that trivial or not it is impossible for today's average Windows user.

[loungitude]

Mostly humor/gloming on../Windows works great for me... And has for 20+ years.