Kaspersky finds Malware that resides in your RAM

[Nytro]

Kaspersky finds

Malware that resides in your RAM

Kaspersky Lab researchers have discovered a drive-by download attack that evades hard-drive checkers by installing malware that lives in the computer's memory. The 'fileless' bot is more difficult for antivirus software to detect, and resides in memory until the machine is rebooted.

This Malware doesn't create any files on the affected systems was dropped on to the computers of visitors to popular news sites in Russia in a drive-by download attack.Drive-by download attacks are one of the primary methods of distributing malware over the web. They usually exploit vulnerabilities in outdated software products to infect computers without requiring user interaction.

The attack code loaded an exploit for a known Java vulnerability (CVE-2011-3544), but it wasn't hosted on the affected websites themselves. Once the malware infected a Microsoft machine, the bot disabled User Account Control, contacted a command and control server and downloaded the 'Lurk' Trojan. The malware also attacked Apple devices.

The Java exploit's payload consisted of a rogue DLL that was loaded and attached on the fly to the legitimate Java process.Normally this malware is rare, because it dies when the system is rebooted and the memory is cleared. But the hackers do not really care because there is a good chance that most victims would revisit the infected news websites.Once the malicious DLL loaded into memory it sends data and receives instructions from a command and control server over HTTP.

Sursa: Kaspersky finds Malware that resides in your RAM | The Hacker News (THN)

[ripoff]

Cel mai bine sa ai java disabled

Daca e stealer nu are nevoie decat de o singura executie sa te nenoroceasca

[iBebe]

Cel mai bine sa ai java disabled

Daca e stealer nu are nevoie decat de o singura executie sa te nenoroceasca

Tu crezi ca cei care au conceput asta au lasat un stealer? BOTNET omule..

[nedo]

De fapt un stealer este o aplicatie mult mai convenabila in prima faza. Pentru un botnet este necesar ca malware-ul sa descarce troianul si sa il instaleze, deoarece malware-ul rezida in memoria calculatorului doar pana cand calculatorul este inchis sau restartat. Acest tip de malware nu este persistent.

[alexu]

Interesanta stire .

@iBebe , nedo de ce va complicati in termeni ? Scrie clar ca malware-ul din RAM dezactiveaza UAC-ul , dupa care descarca troianul " Lurk " , pe care evident il instaleaza . Troianul respectiv , probabil , poate sa faca orice : sa fure parole , sa creeze un botnet etc De ce ar fi lucruri diferite ? Am cautat pe Google, dar nu prea exista informatii despre respectivul troian ( Lurk ) pe care il descarca bot-ul rezident in RAM .