Understanding Fileless Malware Infections


March 30, 2016

A fileless malware infection refers to a malicious program that is written directly to a computer’s RAM instead of being stored as files on the hard drive. The code is usually injected into running processes, and any data the malware needs to keep is stored in encrypted form in the registry, which makes it difficult both to detect and to remove. Because it lives in the computer’s volatile memory, the infection does not survive a system reboot; while it is active, however, it can do a great deal of damage.

Fileless malware attacks are mainly aimed at:

  • Avoiding Detection: The malware often eludes intrusion prevention systems and antivirus programs, allowing the hackers to carry out the attack undetected.
  • Gathering Information: The hackers may steal important information stored on the computer, such as financial details, sensitive files and login credentials.
  • Escalating Privileges: Exploiting security flaws in the system may give the hackers administrative access, from which they can launch bigger attacks or download more malware.

Types Of Fileless Malware Infections

  • Memory Resident: This type of fileless malware takes up the memory space of a genuine Windows file. It inserts its code into that file’s memory and stays dormant until triggered or accessed.
  • Windows Registry: The malware resides in the Windows registry, an area users do not typically inspect. The hacker may place malicious code in the operating system’s thumbnail cache and set the folder to delete itself once the attack has executed.
  • Rootkits: This malware masks its presence behind an application programming interface (API) in order to gain administrator access to the infected system. Fileless rootkits are often hidden at the kernel level and can therefore remain active despite antivirus scans and system reboots.
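Registry-based fileless persistence, as described above, usually leaves one visible trace: an autorun value that launches a script host and either carries an encoded command or pulls its real payload out of another registry value. The following triage script is an added example and is not part of the original post. It parses a constructed REGEDIT-style export of a Run key (the sample entries, the `HKCU:\Software\X` value and the payload string are all made up for the example) and flags values that match that pattern. It is a heuristic that tells a responder where to look, not a verdict.

```python
"""
Triage helper for registry-based fileless persistence (added example, not
from the original post). It parses a constructed REGEDIT-style export of a
Run key and flags autorun values that launch a script host, carry a base64
-EncodedCommand payload, or pull their real payload out of another registry
value. Heuristics only: a hit is a reason to look closer, not a verdict.
"""
import base64
import re

# Script hosts that legitimately exist on Windows but are unusual as an
# autorun target; presence alone is a triage signal, not proof of compromise.
SCRIPT_HOSTS = ("powershell", "pwsh", "wscript", "cscript", "mshta", "rundll32", "regsvr32")
ENCODED_FLAG = re.compile(r"(?i)(?:^|\s)-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]{20,})")
REG_READ = re.compile(r"(?i)get-itemproperty|regread|\bHK(?:CU|LM)[:\\]|registry::")
KEY_LINE = re.compile(r"^\[(.+)\]\s*$")
VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')


def encode_ps(command: str) -> str:
    """Encode a command the way PowerShell's -EncodedCommand expects: UTF-16LE, then base64."""
    return base64.b64encode(command.encode("utf-16-le")).decode("ascii")


def decode_ps(blob: str):
    """Reverse encode_ps; returns None when the blob is not a valid encoded command."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def assess(command: str) -> list:
    """Return human-readable findings for one autorun command (empty list = nothing unusual)."""
    findings = []
    lowered = command.lower()
    hosts = [h for h in SCRIPT_HOSTS if h in lowered]
    if hosts:
        findings.append(f"script host launch: {', '.join(hosts)}")
    m = ENCODED_FLAG.search(command)
    if m:
        decoded = decode_ps(m.group(1))
        findings.append(f"encoded command decodes to: {decoded!r}" if decoded else "undecodable -enc argument")
        if decoded and REG_READ.search(decoded):
            findings.append("decoded payload reads another registry value")
    if REG_READ.search(command):
        findings.append("command reads payload from the registry")
    return findings


def scan_export(text: str) -> list:
    """Parse a REGEDIT-style export and return the autorun values that have findings."""
    flagged, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        k = KEY_LINE.match(line)
        if k:
            key = k.group(1)
            continue
        v = VALUE_LINE.match(line)
        if not v:
            continue
        name, data = (re.sub(r"\\(.)", r"\1", s) for s in v.groups())  # undo .reg escaping
        findings = assess(data)
        if findings:
            flagged.append({"key": key, "name": name, "command": data, "findings": findings})
    return flagged


# Constructed sample: one benign entry and two modelled on fileless persistence.
PAYLOAD = r"IEX (Get-ItemProperty HKCU:\Software\X).p"   # constructed, harmless stand-in
ENCODED = encode_ps(PAYLOAD)
SAMPLE_EXPORT = rf'''
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Updater"="powershell.exe -nop -w hidden -enc {ENCODED}"
"Helper"="mshta.exe javascript:eval(new ActiveXObject('WScript.Shell').RegRead('HKCU\\Software\\X\\p'))"
'''

if __name__ == "__main__":
    for entry in scan_export(SAMPLE_EXPORT):
        print(f"[{entry['key']}] {entry['name']} -> {entry['command']}")
        for finding in entry["findings"]:
            print("   -", finding)
```

On a live system the same `scan_export` function can be fed the output of `reg export` for the Run and RunOnce keys under both HKCU and HKLM; decoding the `-enc` argument is what turns an opaque blob into something a responder can read, and an autorun that resolves to a registry read with no file on disk is exactly the "data stored in the registry" pattern the post describes.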

Tips To Protect Against Fileless Malware

  • Keep your operating system, internet browser, software and applications updated by installing the current security patches.
  • Configure the security settings of your web browser.
  • Disable Java, JavaScript, ActiveX, cookies and browser extensions that you do not use.
  • Avoid clicking on suspected URLs and email attachments from unknown sources.
  • Do not download software packages that require installing several applications on your system.
  • Frequently remove unwanted temporary files, cookies and registry files from the computer.
  • Avoid visiting malicious websites or those that use illegal ad networks.

For more tips to keep your computer system protected against fileless malware infections, feel free to contact Centex Technologies at (855) 375 – 9654.
