Malware researchers are taking a deep dive into the enigma of malwares and computer viruses and here’s what they found out- Rombertick! What’s a Rombertick? Security researchers at Cisco are spending big time in researching on this notorious malware which is self-destructive in nature. Now, we know that software technology has advanced at a large extent and with the versatile static, dynamic tools being developed, malware detection has become an easy task. But Rombertik has set a new challenge for for security scientists.
Rombertik is a special type of malware, which, when detected and acted upon by some analytical programming, attacks straightway the Master Boot Record (MBR). This finally ends up by leaving the computer in endless reboot loop making it living hell for researchers. These types of malwares are tough to debug because reverse engineering is a bit tough for these type of virus.
The Talod group of Cisco is working on this issue. In the research paper, Talos revealed that they discovered multiple layers of obfuscation and anti-analysis functionality. The Obfuscation and anti-analysis functionality attacks both the static and dynamic tool, thus make debugging difficult. So, in order to safeguard the system from Rombertik, engineers and scientists at Talos have set up the Reverse Engineering Rombertik. This reverse engineering will aim at understanding how attackers are evading the system. According to the report, “This knowledge can then be used to harden our security products to ensure these anti-analysis techniques are ineffective and allow detection technologies to accurately identify malware to protect customers.”
