All software, whether a legitimate application or a virus or other malware, normally comes in the form of a program file: whatever is on a computer system exists as a file of one kind or another. But there is malware infecting computer systems at banks and other organizations that is fileless.
As reported in this Ars Technica link, the computer networks of at least 140 banks and other enterprises have been infected by this fileless malware, called Duqu 2.0. The malware simply exists in a computer's memory without a file on disk, which is why it is so difficult to detect. It is reportedly derived from Stuxnet, a deadly computer worm of the same type that was (allegedly) developed by the US and Israel to sabotage Iran's nuclear program. It seems the worm has returned to the US in a different variant.
How does this malware remain invisible and undetectable? It is called fileless because, as explained in this Kaspersky report, the attackers using it employ an anti-forensic technique that lets them stay hidden during data acquisition.
A good example of the implementation of such techniques is Duqu2. After dropping on the hard drive and starting its malicious MSI package, it removes the package from the hard drive by renaming the file and leaves part of itself in memory as the payload.
Hackers are using this fileless, invisible malware to steal money from bank accounts. It has infected over 140 institutions, including banks, government organizations and even telecom companies. If this is not another reason to use the assistance of managed IT services who can help prevent threats like this, then I don't know what is. As network security is very important, it makes sense to find ways of limiting such threats within your business.
As the Kaspersky link above explains, after infecting a system and starting its procedure, the malware becomes fileless: it can disappear once it has initiated a process. This is why it is so difficult to trace; it deletes itself after creating its processes. It can take several months before system administrators and computer managers realise or detect that something is wrong with their systems. Since nobody knows the system is infected, the hackers have free rein. According to the Kaspersky report, more than 40 countries have been targeted with this fileless malware, and more than 21 of the infections are within the United States. Nemesis?
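As an added, illustrative check (not code from the Kaspersky or Wired reports, and written for Linux rather than the Windows hosts those reports describe), the script below looks for the footprint a self-deleting dropper like the one described above leaves behind: a running process whose executable memory is mapped from a file that has since been deleted or renamed, or that has no file behind it at all. The sample /proc maps listing is constructed.

```python
# Added check: flag executable memory with no intact file behind it, which is
# what a self-deleting dropper leaves behind in a running process.
import os
import re
from collections import namedtuple

Finding = namedtuple("Finding", "start end perms path reason")
# /proc/<pid>/maps line: start-end perms offset dev inode [path]
MAPS_LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+\S+\s+\S+\s+(\d+)\s*(.*)$")

def scan_maps(maps_text: str) -> list:
    """Return executable mappings that are not backed by a file still on disk."""
    findings = []
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m or "x" not in m.group(3):
            continue  # data, heap and stack regions are not of interest here
        start, end, perms, inode, path = m.groups()
        if path.endswith("(deleted)"):
            # The kernel tags mappings whose file was unlinked or renamed away.
            reason = "executable mapped from a deleted or renamed file"
        elif inode == "0" and not path:
            # Anonymous rwx memory is also how JIT compilers work: triage it.
            reason = "anonymous executable memory with no file backing"
        else:
            continue  # intact file on disk, or a kernel region such as [vdso]
        findings.append(Finding(int(start, 16), int(end, 16), perms, path, reason))
    return findings

def scan_live_processes() -> dict:
    """Walk /proc on a Linux host; root is needed to read every process's maps."""
    results = {}
    for pid in (d for d in os.listdir("/proc") if d.isdigit()):
        try:
            with open(f"/proc/{pid}/maps") as f:
                hits = scan_maps(f.read())
        except OSError:
            continue  # process exited mid-scan, or no permission to read it
        if hits:
            results[int(pid)] = hits
    return results

# Constructed sample: intact binary, self-deleted dropper, anonymous rwx region, stack, vdso.
SAMPLE_MAPS = """\
00400000-00452000 r-xp 00000000 08:01 1310720    /usr/bin/bash
7f2c3a000000-7f2c3a021000 r-xp 00000000 08:01 262161    /tmp/.installer (deleted)
7f2c3b000000-7f2c3b100000 rwxp 00000000 00:00 0
7ffd5c7f0000-7ffd5c811000 rw-p 00000000 00:00 0    [stack]
7ffd5c8a0000-7ffd5c8a2000 r-xp 00000000 00:00 0    [vdso]
"""
```

Running `scan_live_processes()` on a real host returns findings keyed by PID; on the constructed sample, `scan_maps(SAMPLE_MAPS)` flags only the deleted dropper and the anonymous rwx region.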
This Wired article explains in detail how the fileless malware hides itself in RAM or in the kernel without needing any files on the hard disk.