Cisco Talos reports a new strain of spyware called Rombertik that escalates its anti-detection measures by destroying the Master Boot Record (MBR) if its code is audited. A limited number of samples of the malware were spotted at the start of the year. The malware has a number of unusual and complex features, most of which are designed to evade detection and analysis. The more samples we see, the more problems companies are likely going to have, Cisco says. Most of the emails pushing the malware share a similar theme: an organization making a business pitch to work with an enterprise.
Source: https://threatpost.com/rombertik-malware-can-overwrite-mbr-if-audited/112608/