Movatterモバイル変換

[0]ホーム

Jump to content

Rombertik

Edit links

From Wikipedia, the free encyclopedia

Computer spyware

The topic of this articlemay not meet Wikipedia'sgeneral notability guideline. Please help to demonstrate the notability of the topic by citingreliable secondary sources that areindependent of the topic and provide significant coverage of it beyond a mere trivial mention. If notability cannot be shown, the article is likely to bemerged,redirected, ordeleted.
Find sources: "Rombertik" – news ·newspapers ·books ·scholar ·JSTOR(May 2024) (Learn how and when to remove this message)

Rombertik is spyware designed to steal confidential information from targets using Internet Explorer, Firefox, or Chrome running on Windows computers.^[1] It was first publicized by researchers at Cisco Talos Security and Intelligence Group.

Operation

[edit]

Rombertik employs several techniques to make analyzing or reverse-engineering it difficult. Over 97% of the file is unnecessary code or data meant to overwhelm analysts. It loops through code hundreds of millions of times to delay execution, and checks for file names and user names used byMalware Analysis Sandboxes.

If Rombertik detects a modification in the compile time or binary resource in memory, it attempts to overwrite theMaster Boot Record (MBR) on the primary hard drive.^[2] The MBR contains code necessary to boot the Operating System, as well as information about where partitions are stored on the hard drive. Though the user's data remains on the hard drive, the Operating System is unable to access it without the MBR. In some cases, it may be possible to recover data from a hard drive with a modified MBR.^[3]

If the malware does not have the necessary permissions to overwrite the MBR, it instead encrypts each file in the victim's home directory. This directory encryption technique is similar toransomware, but Rombertik does not attempt to extort money from its victims. Files encrypted with a strong key can be nearly impossible to recover.^[4]

Ps installed, it injects code into running processes of Internet Explorer, Firefox, and Chrome. The injected code intercepts web data before it is encrypted by the browser, and forwards it to a remote server.^[1]

References

[edit]

^^a ^b"Threat Spotlight: Rombertik". Cisco Blogs. May 4, 2015.
^"Self-destructing virus kills off PCs". BBC News. May 5, 2015.
^"Partition Recovery Concepts". Active Data Recovery Software. RetrievedMay 8, 2015.
^Lemos, Robert (June 13, 2008)."Ransomware resisting crypto cracking efforts". SecurityFocus.

Hacking in the 2010s

← 2000s

Timeline

2020s →

Major incidents

2010	Operation Aurora (publication of 2009 events) Australian cyberattacks Operation Olympic Games Operation ShadowNet Operation Payback
2011	Canadian government DigiNotar DNSChanger HBGary Federal Operation AntiSec PlayStation network outage RSA SecurID compromise
2012	LinkedIn hack Stratfor email leak Operation High Roller
2013	South Korea cyberattack Snapchat hack Cyberterrorism attack of June 25 2013 Yahoo! data breach Singapore cyberattacks
2014	Anthem medical data breach Operation Tovar 2014 celebrity nude photo leak 2014 JPMorgan Chase data breach 2014 Sony Pictures hack Russian hacker password theft 2014 Yahoo! data breach
2015	Office of Personnel Management data breach HackingTeam Ashley Madison data breach VTech data breach Ukrainian Power Grid Cyberattack SWIFT banking hack
2016	Bangladesh Bank robbery Hollywood Presbyterian Medical Center ransomware incident Commission on Elections data breach Democratic National Committee cyber attacks Vietnam Airport Hacks DCCC cyber attacks Indian Bank data breaches Surkov leaks Dyn cyberattack Russian interference in the 2016 U.S. elections 2016 Bitfinex hack
2017	SHAttered 2017 Macron e-mail leaks WannaCry ransomware attack Westminster data breach Petya and NotPetya 2017 Ukraine ransomware attacks Equifax data breach Deloitte breach Disqus breach
2018	Trustico Atlanta cyberattack SingHealth data breach
2019	Sri Lanka cyberattack Baltimore ransomware attack Bulgarian revenue agency hack WhatsApp snooping scandal Jeff Bezos phone hacking incident

Hacktivism

Groups

Individuals

Majorvulnerabilities
publiclydisclosed

Evercookie (2010)
iSeeYou (2013)
Heartbleed (2014)
Shellshock (2014)
POODLE (2014)
Rootpipe (2014)
Row hammer (2014)
SS7 vulnerabilities (2014)
WinShock (2014)
JASBUG (2015)
Stagefright (2015)
DROWN (2016)
Badlock (2016)
Dirty COW (2016)
Cloudbleed (2017)
Broadcom Wi-Fi (2017)
EternalBlue (2017)
DoublePulsar (2017)
Silent Bob is Silent (2017)
KRACK (2017)
ROCA vulnerability (2017)
BlueBorne (2017)
Meltdown (2018)
Spectre (2018)
EFAIL (2018)
Exactis (2018)
Speculative Store Bypass (2018)
Lazy FP state restore (2018)
TLBleed (2018)
SigSpoof (2018)
Foreshadow (2018)
Dragonblood (2019)
Microarchitectural Data Sampling (2019)
BlueKeep (2019)
Kr00k (2019)

Malware

2010	Bad Rabbit Black Energy 2 SpyEye Stuxnet
2011	Coreflood Alureon Duqu Kelihos Metulji botnet Stars
2012	Carna Dexter FBI Flame Mahdi Red October Shamoon
2013	CryptoLocker DarkSeoul
2014	Brambul Black Energy 3 Carbanak Careto DarkHotel Duqu 2.0 FinFisher Gameover ZeuS Regin
2015	Dridex Hidden Tear Rombertik TeslaCrypt
2016	Hitler Jigsaw KeRanger Necurs MEMZ Mirai Pegasus Petya and NotPetya X-Agent
2017	BrickerBot Kirk LogicLocker Rensenware Triton WannaCry XafeCopy
2018	VPNFilter
2019	Grum Joanap NetTraveler R2D2 Tinba Titanium ZeroAccess botnet

Retrieved from "https://en.wikipedia.org/w/index.php?title=Rombertik&oldid=1224402214"

Categories:

Hidden categories:

[8]ページ先頭