Cisco discovers virus that can delete essential Windows files then kills itself.
A piece of malware capable of destroying the computers it infects has been unearthed by the security division of Cisco.
Rombertik, the name given to the virus by the company, is spread through a spam phishing campaign with the intention of stealing user data, including keystrokes, and tracking a victim’s online activities.
Ben Baker and Alex Chiu, security researchers at Cisco’s Talos cybersecurity group, claimed that the virus was capable of deleting the Master Boot Record, an essential system file, if it detected that it was being analysed.
The malware then restarts the computer, causing the machine to go into an endless loop.
"In the process of reverse engineering Rombertik, Talos discovered multiple layers of obfuscation and anti-analysis functionality," the pair of researchers said in a company blog post.
"This functionality was designed to evade both static and dynamic analysis tools, make debugging difficult."
Graham Cluley, a security journalist, told the BBC that such destructive viruses were rare because most hackers would try to design a silent virus that would escape the notice of the victim.
"That’s because malware these days doesn’t want to draw attention to itself, as that works against its typical goal – to lie in wait, stealing information for a long time," he said.