Rombertik, as the malware has been dubbed by researchers from Cisco Systems' Talos Group, is a complex piece of software that indiscriminately collects everything a user does on the Web, presumably to obtain login credentials and other sensitive data. It gets installed when people click on attachments included in malicious e-mails. Talos researchers reverse engineered the software and found that, behind the scenes, Rombertik takes a variety of steps to evade analysis.
It contains multiple levels of obfuscation and anti-analysis functions that make it hard for outsiders to peer into its inner workings.
And if the main yfoye.exe component detects that the malware is under the microscope of a security researcher or rival malware writer, Rombertik will self-destruct, taking the contents of the victim's hard drive along with it.