Free Republic

To: All

More info:

Cisco researchers have identified a new malware sample, called Rombertik, that takes its detection evasion features one step further than the average cyber threat.

Instead of simply self-destructing when analysis tools are detected, Rombertik attempts to destroy the device’s master boot record (MBR), researchers wrote in a blog post.

This malware spreads through spam and phishing messages sent to possible victims.

In one example, attackers attempted to convince a user to download an attached document in an email. If downloaded and unzipped, a file that looks like a document thumbnail comes up. Although it mimics a PDF icon, it is actually a .SCR screensaver executable file containing the malware.

At this point Rombertik will first run anti-analysis checks to determine whether it is running within a sandbox. If it isn’t, it will then decrypt and install itself, which then allows it to launch a second copy of itself and to overwrite the second copy with the malware’s core functionality.

...

http://www.itnews.com.au/News/403620,new-malware-strain-destroys-master-boot-record-to-avoid-detection.aspx


7 posted on 05/07/2015 7:11:02 PM PDT by Utilizer (Bacon A'kbar! - In world today are only peaceful people, and the muzlims trying to kill them)
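The article above says Rombertik's last resort is to overwrite the master boot record. One defensive check a responder can script is to parse the first sector of a disk (the 446-byte boot code, the four 16-byte partition entries and the 0x55AA signature), record a baseline, and later compare a fresh read against it. The code below is an added example written for this thread; it is not from Cisco, the article, or the malware analysis. It builds a constructed 512-byte sample instead of touching a real drive, and the `read_mbr` path names are assumptions (reading a raw device needs administrator or root rights).

```python
import hashlib
import struct

MBR_SIZE = 512
BOOTCODE_LEN = 446          # x86 boot code occupies bytes 0..445
PART_TABLE_OFF = 446        # four 16-byte partition entries follow
SIG_OFF = 510               # two-byte boot signature 0x55 0xAA


def build_sample_mbr(bootcode_byte: int = 0x90) -> bytes:
    """Constructed sample sector for offline testing (not a real disk image).

    One bootable NTFS-type (0x07) partition starting at LBA 2048, 204800 sectors.
    """
    bootcode = bytes([bootcode_byte]) * BOOTCODE_LEN
    # status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 204800)
    table = entry + b"\x00" * (16 * 3)          # remaining three entries empty
    return bootcode + table + b"\x55\xaa"


def parse_mbr(sector: bytes) -> dict:
    """Parse a raw 512-byte sector into signature, partition table and boot-code hash."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    signature = struct.unpack_from("<H", sector, SIG_OFF)[0]   # little-endian -> 0xAA55
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # skip the two 3-byte CHS fields; modern tooling relies on the LBA values
        status, ptype, lba_start, n_sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:                      # type 0 means the slot is unused
            partitions.append({
                "index": i,
                "bootable": status == 0x80,
                "type": ptype,
                "lba_start": lba_start,
                "sectors": n_sectors,
            })
    return {
        "valid_signature": signature == 0xAA55,
        "partitions": partitions,
        "bootcode_sha256": hashlib.sha256(sector[:BOOTCODE_LEN]).hexdigest(),
    }


def check_mbr(baseline: dict, current: bytes) -> list:
    """Compare a freshly read sector against a stored baseline; return a list of findings.

    An empty list means nothing changed. A wiped or overwritten MBR typically trips
    all three checks at once.
    """
    parsed = parse_mbr(current)
    findings = []
    if not parsed["valid_signature"]:
        findings.append("boot signature 0x55AA missing")
    if parsed["bootcode_sha256"] != baseline["bootcode_sha256"]:
        findings.append("boot code changed")
    if parsed["partitions"] != baseline["partitions"]:
        findings.append("partition table changed")
    return findings


def read_mbr(device_path: str) -> bytes:
    """Read the first sector of a raw device (assumed paths; needs elevated rights).

    Linux example: "/dev/sda"; Windows example: r"\\\\.\\PhysicalDrive0".
    """
    with open(device_path, "rb") as fh:
        return fh.read(MBR_SIZE)


if __name__ == "__main__":
    # Offline demonstration on the constructed sample rather than a live disk.
    baseline = parse_mbr(build_sample_mbr())
    print("baseline partitions:", baseline["partitions"])
    print("intact sector:", check_mbr(baseline, build_sample_mbr()))
    print("zeroed sector:", check_mbr(baseline, b"\x00" * MBR_SIZE))
```

In practice the baseline dictionary would be captured on a known-good host and stored off the machine, and `check_mbr(baseline, read_mbr(path))` run from a scheduled task or an incident-response live-CD; a finding of all three items at once is the signature of the wipe the article describes, while a change only in the partition table or boot code points at something more selective, such as a bootkit.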


To: Utilizer

DANG!!


9 posted on 05/07/2015 7:13:46 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)

To: Utilizer
At this point Rombertik will first run anti-analysis checks to determine whether it is running within a sandbox. If it isn’t, it will then decrypt and install itself, which then allows it to launch a second copy of itself and to overwrite the second copy with the malware’s core functionality.

Need to get it in a sandbox it doesn't recognize.

23 posted on 05/07/2015 7:34:10 PM PDT by tacticalogic ("Oh, bother!" said Pooh, as he chambered his last round.)

To: Utilizer

wow


48 posted on 05/07/2015 8:39:38 PM PDT by GeronL (Clearly Cruz 2016)
