Analysis byChloe Ordonia

ROMBERTIK malware is known for its information-stealing routines via hooking itself on certain web browsers. It typically arrives as an attachment to email messages. In the spam samples we spotted, recipients are asked if they wanted to do business with Windows America, a bogus manufacturing company. Moreover, it also tells them to open the attachment supposedly containing their specifications and conditions. In actual, the archived attachment contains an executable screensaver file, which when executed is a malware detected as BKDR_ROMBERTIK.A.

When executed, this backdoor is capable of wiping the affected system's hard drive if it detects security detection efforts, which can possibly cause loss of sensitive data/critical documents. Users are advised to be wary against spam emails such as this and to install a security software that can detect malware thus preventing system infection and possible information theft.

 SPAM BLOCKING DATE / TIME: 05 de мая de 2015 GMT-8
 TMASE
  • TMASE Engine: :
  • Patrón TMASE: :1524

Zugehörige Datei