Old 03-19-2012, 08:53 AM
 
15,924 posts, read 17,649,799 times
Reputation: 7645

FYI....

Researchers at Kaspersky Labs have found malware which, unusually, does not install any files on its victims' PCs.


The researchers aren’t quite sure how unusual it is, describing it as both “unique” and “very rare”, but no matter how scarce this type of malware is it does sound rather nasty as it “… uses its payload to inject an encrypted dll from the web directly into the memory of the javaw.exe process.” That mode of operation means Windows and MacOS are both affected by the exploit, which is hard for many antivirus programs to spot given it runs within a trusted process.

'Fileless' malware installs into RAM • The Register

 
Old 03-19-2012, 09:14 AM
 
2,182 posts, read 4,706,348 times
Reputation: 1206
This is part of the reason Flash and Java are updated so much. Very interesting read, thanks for posting.
 
Old 03-19-2012, 10:48 AM
 
28,611 posts, read 40,594,929 times
Reputation: 37281
If it installs in RAM that's another reason to shut down your PC every night.

Maybe I'm confused. If it doesn't install files, what is this?

"Once under your machine’s guard, the malware tries to attack Windows User Account Control so it can install the Lurk Trojan and connect to an associated botnet."
 
Old 03-19-2012, 06:07 PM
 
Location: 10110001010110100
6,385 posts, read 10,843,546 times
Reputation: 5589
If it ain't the darn Chinese, it is the freakin' Russians. How can something be "unique" and "very rare" at the same time? lol.
Thanks for sharing.
 
Old 03-20-2012, 09:28 AM
 
7,376 posts, read 13,033,199 times
Reputation: 6974
brilliant
 
Old 03-21-2012, 11:29 AM
 
Location: USA
701 posts, read 993,994 times
Reputation: 651
Quote:
“… uses its payload to inject an encrypted dll from the web directly into the memory of the javaw.exe process.” That mode of operation means Windows and MacOS are both affected by the exploit,....
Can DLLs (Dynamic Link Libraries) be used on the Mac OS now?
 
Old 03-21-2012, 04:21 PM
 
8,266 posts, read 10,840,027 times
Reputation: 4774
I don't get it.

It simulates a dll in the heapspace of the java process running in the browser to trick UAC into allowing installation of the Lurk Trojan? Wouldn't it then no longer be fileless, having installed something so that it persists a reboot?

And as fastninja alluded to, how does a dll affect MacOS?