Analysis by: Chloe Ordonia

ROMBERTIK malware is known for its information-stealing routines, which work by hooking into certain web browsers. It typically arrives as an attachment to email messages. In the spam samples we spotted, recipients are asked whether they want to do business with Windows America, a bogus manufacturing company. The message also tells them to open the attachment, which supposedly contains their specifications and conditions. In reality, the archived attachment contains an executable screensaver file, which is malware detected as BKDR_ROMBERTIK.A.

When executed, this backdoor is capable of wiping the affected system's hard drive if it detects security detection efforts, which may cause the loss of sensitive data and critical documents. Users are advised to be wary of spam emails such as this one and to install security software that can detect malware, thus preventing system infection and possible information theft.
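
The delivery method described above (an archive attachment that holds an executable screensaver) can be checked for at the mail gateway. The following is an added example, not code from the original advisory or from Trend Micro; the function names, the sample message and its file names are constructed, and the extension list beyond `.scr` is an assumption.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs directly. ".scr" (screensaver) is the type this spam
# run used; the other entries are an assumed, non-exhaustive list.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd"}

def _ext(name):
    """Return the final extension, lowercased, so 'x.pdf.SCR' yields '.scr'."""
    name = name.lower().rstrip(". ")
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""

def find_executable_attachments(raw_email):
    """Return (attachment, member) pairs for executables attached directly
    or packed inside a ZIP attachment."""
    hits = []
    msg = message_from_bytes(raw_email, policy=policy.default)
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        if _ext(filename) in EXECUTABLE_EXTS:
            hits.append((filename, filename))
        # Decide by content, not by the attachment name: a ZIP can be renamed.
        if zipfile.is_zipfile(io.BytesIO(payload)):
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                for member in zf.namelist():
                    if _ext(member) in EXECUTABLE_EXTS:
                        hits.append((filename, member))
    return hits

def build_sample(member_name):
    """Constructed message: a ZIP attachment with one harmless placeholder file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"constructed placeholder, not malware")
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("Please see the attached specifications.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="specifications.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(find_executable_attachments(build_sample("specifications.pdf.scr")))
```

A hit on an archived `.scr` file is a reason to quarantine the message for analysis; password-protected or nested archives are not inspected by this check.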

 Spam blocking date/time: May 5, 2015 22:16:00 GMT-8
 TMASE
  • TMASE engine: 7.5
  • TMASE pattern version: 1524

Related malware