Hackers using drive by malware that leaves no files on a system
Posted by: Timothy Weaver on 09/02/2014 03:33 PM
A relatively new form of malware has surfaced that, unlike most malware, leaves no files on the victim's computer. The Angler exploit kit—a Web-based attack tool—injects malicious code directly into other running processes.
Fileless malware threats are not new, but their use is rare. The technique is not widely used because the infection is not persistent: once the victim reboots, RAM is cleared and the malware is gone.
This type of infection opens up a wide range of possibilities for attackers. It provides a powerful way to bypass antivirus detection, it is ideal for running a one-time information-stealing program, and it lets attackers gather information about a compromised computer before deploying a more persistent threat tailored to defeat its defenses.
Bogdan Botezatu, a senior e-threat analyst at Bitdefender, said: “The introduction of memory-based malware is definitely a step up for cyber-criminals. I didn’t expect to see this technique included in a commercially-available exploit kit though, as money-driven cyber-criminals would rather trade stealth for persistence.”
Botezatu went on to say that malware that resides only in memory is more typical of high-profile and state-sponsored attacks, because it allows attackers to infect the target, exfiltrate information and leave no trace on disk for forensic analysis.