1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Super secretive malware wipes hard drive to prevent analysis

Discussion in 'Windows - Virus and spyware problems' started by ireland, May 5, 2015.

  1. ireland

    ireland Active member

    Joined:
    Nov 28, 2002
    Messages:
    3,451
    Likes Received:
    15
    Trophy Points:
    68
  2. ireland

    ireland Active member

    Joined:
    Nov 28, 2002
    Messages:
    3,451
    Likes Received:
    15
    Trophy Points:
    68
    Rombertik' malware kills host computers if you attempt a cure

    Say goodbye to your master boot record and home directory if you try to stop it

    Cisco researchers Ben Baker and Alex Chiu have found new malware that destroys a machine's Master Boot Record and home directories if it detects meddling white hats.

    more here

    http://www.theregister.co.uk/2015/05/05/rombertik_malware/
     
  3. ireland

    ireland Active member

    Joined:
    Nov 28, 2002
    Messages:
    3,451
    Likes Received:
    15
    Trophy Points:
    68
  4. Mez

    Mez Active member

    Joined:
    Aug 12, 2005
    Messages:
    2,895
    Likes Received:
    9
    Trophy Points:
    68
    es, I think Xbox had one of these. Most rewrite your MBR. This prevents someone booting from a DVD to remove a root kit and if they do clean it out somehow (pull the battery) you lose any HD that had touched the computer while itt was infected.

    Persons must feel safe as long as their computer isn't 'blowing up' on them. I continue to get these the first being maybe a year ago. I made quite a stink since my advice to Help my computer is installing and uninstalling software was to ignore it.

    I am sure I have the firmware malware since the computer that never sees the internet and ought to be clean had a new software glitch. Sandboxie has been disabled, hackers hate that software. I don't really care since I don't use that software any more on that computer. The worry is the only contact from the outside world is USBs. I store windows offline updates gotten from the internet on a different computer on my main computer. Now I think I can't even risk USBs touching it. Today my internet computer startred losing the display. This occurs when I add or remove a USB drive. It didn't occur to me the firmware malware would contine to update making it even nastier than it is allready. Apparently this type of malware has been out there for a good long time, see link. The problem has always been it is not detectable by any over the counter software so we are not aware of this type of malware.

    It is likely that everyone reading this is infected whether they believe it or not.

    I read about BadBIOS a year or 2 back but I don't remember reading this article. It is beyond me to believe persons think they are safe from a highly contagious, unstoppable and undetectable malware Dragos Ruiu probably had state of the art protection for his computers, better than what any of us have when he got the infection.

    http://arstechnica.com/security/201...erious-mac-and-pc-malware-that-jumps-airgaps/

    Assume you are infected and don't do anything on the web you wouldn't want theives to record. DO NOT REMOVE ANY ROOT KIT unless you don't care about your drives and the data on the drives. It is far safer to move that computer off line and buy a new computer. Or you can pat yourselves on the back for being invincable. Maybe you need to lose some hard disks before the message gets through.
     
    Last edited: May 11, 2015
  5. ps355528

    ps355528 Active member

    Joined:
    Aug 17, 2010
    Messages:
    1,059
    Likes Received:
    26
    Trophy Points:
    78
    firmware malware.. well heres the crack to check. I know you know how to run a bios checksum?.. then compare that to the checksum from the makers supplied backup bios file.. just go to the library of motherboard bios files and grab it.. then compare.. same for hdd's etc.. linux and I2C tools..

    as for rootkits.. cvv is fun :D
     
  6. Mez

    Mez Active member

    Joined:
    Aug 12, 2005
    Messages:
    2,895
    Likes Received:
    9
    Trophy Points:
    68
    Easier to unplug and take out the battery for BIOS. For HDs and USB drives that is a great tip.

    Thanks! Great tip! I asked all over the place for a how to check USB drives without success. You are a fountain of information.

    The problem is if you think you go something you probably do. I got a (new) refurbished computer, a new modem/router and a new IP address. Within a minute or 2 ater connecting to the router my security asked for permission for wsvchost to connect to the internet. Before I could respond the OK button was activated. When I turned off permission for wsvchost to connect to the internet my browser ceased to work. The browser was sandboxed at the time. When I allowed access the browser worked. I guess that is a man-in-the-middle ploy.

    I am giving up! Either the browser was already infected at the refurbish or the hackers are super smart.
     

Share This Page