Typically, antivirus programs only scan your HDD/SSD, but what if the virus/malware is not installed anywhere? It is directly executing on RAM.
Yes, that’s right, a new malware came into existence: “Fileless Malware.” This malware is not installed anywhere onto your disk but is instead directly executed on the RAM. This makes it hard to get traces of that malware after a system reboot. Last week this malware attacked many of government firms, telecom companies and banks in around 40 countries, according to Kaspersky Lab research.
Let’s understand the basic functionality of this malware.
This program is not installed anywhere on your disk drives. The programs cling to the processes running on RAM or the Kernel. Then it starts a meterpreter session and uses the windows NETSH tool to give control of the computer to the attacker (command and control server).
Just see in the news from Feb 2017:
I hope you enjoyed this article. Let me know below if you have any questions or suggestions on what to cover next, or how to improve.
We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.