Fileless Malware

February 17, 2017 | Views: 8408

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Estimated reading time: 9 minutes

Hello Cybrarians!

Typically, antivirus programs only scan your HDD/SSD, but what if the virus/malware is not installed anywhere? It is directly executing on RAM.

Yes, that’s right, a new malware came into existence: “Fileless Malware.” This malware is not installed anywhere onto your disk but is instead directly executed on the RAM. This makes it hard to get traces of that malware after a system reboot. Last week this malware attacked many of government firms, telecom companies and banks in around 40 countries, according to Kaspersky Lab research.

Let’s understand the basic functionality of this malware.

This program is not installed anywhere on your disk drives. The programs cling to the processes running on RAM or the Kernel. Then it starts a meterpreter session and uses the windows NETSH tool to give control of the computer to the attacker (command and control server).

Just see in the news from Feb 2017:

I hope you enjoyed this article. Let me know below if you have any questions or suggestions on what to cover next, or how to improve.

Share with Friends
Use Cybytes and
Tip the Author!
Share with Friends
Ready to share your knowledge and expertise?
  1. waaar biasaaaaaaaaaaaaaaaaaaaa

  2. Interesting stuff you got there. +10CB!

Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge


We recommend always using caution when following any link

Are you sure you want to continue?