Estimated reading time: 9 minutes
Typically, antivirus programs only scan your HDD/SSD, but what if the virus/malware is not installed anywhere? It is directly executing on RAM.
Yes, that’s right, a new malware came into existence: “Fileless Malware.” This malware is not installed anywhere onto your disk but is instead directly executed on the RAM. This makes it hard to get traces of that malware after a system reboot. Last week this malware attacked many of government firms, telecom companies and banks in around 40 countries, according to Kaspersky Lab research.
Let’s understand the basic functionality of this malware.
This program is not installed anywhere on your disk drives. The programs cling to the processes running on RAM or the Kernel. Then it starts a meterpreter session and uses the windows NETSH tool to give control of the computer to the attacker (command and control server).
Just see in the news from Feb 2017:
I hope you enjoyed this article. Let me know below if you have any questions or suggestions on what to cover next, or how to improve.