This topic contains 1 reply, has 1 voice, and was last updated by Vipin Pandey 2 years, 5 months ago.
February 9, 2017 at 11:55 am #5274
There is a new malware in town, and this time it is not something like you have seen and fixed earlier. A very sophisticated malware that works intelligently to prevent detection and successfully finishes its job. So far we call it as “Fileless Malware” which means, there are zero data stored in the hard disk and the malware operates entirely using the Memory in a computer. Though it stores few logs and data within the memory, it automatically deleted when the system reboot happens.
This fileless malware is very hard to detect but does the job of giving access to the entire computer and its data to the remote attacker.
Security Researchers at Kaspersky, recently found a suspicious behavior in a bank’s security system, where they found Meterpreter code inside physical memory of a domain controller. This led to investigate further and Kaspersky’s Lab detection team have found a threat similar to Trojan attack.
Hackers have used Metasploit framework to successfully execute this attack, which is confirmed by the script they have found in the RAM memory unit. The Forensic Analysis team have found, the attack uses PowerShell scripts within Windows Registry. Additionally, the attackers use SC and NETSH utilities built into the Windows computer with System Service accounts for successful execution to avail Administration Privileges.
It is completely silent and very stealthy mode of attack that stores zero data into the computers hard disk drive. So it is not possible to detect by any antivirus softwares or security programs installed in the computer.
Read more about the Fileless Malware in detail from the above link to Kaspersky Lab blog. Thanks for reading and don’t forget to share a word about this security news to your friends and followers. Have a great day.
You may also like to Read,February 14, 2017 at 9:47 am #5295
This is alarming, a fileless malware means there is no detection. It can do anything and will no traces. The security companies should find a cure for this.