'Fileless' malware installs into RAM Researchers at Kaspersky Labs have found malware which, unusually, does not install any files on its victims PCs. The researchers aren’t quite sure how unusual it is, describing it as both “unique” and “very rare”, but no matter how scarce this type of malware is it does sound rather nasty as it “… uses its payload to inject …
Would that be the same Java that isn't even included with a default OS X install any more?
I haven't even bothered enabling Flash, let alone Java, in years. Neither are endorsed as standards by the W3C, so any website that cannot be viewed without either (or both) of them is clearly not standards-compliant. Such sites should be shunned until their developers get a clue.
(In the interests of not feeding the anti-Apple trolls, I should probably mention that I also use Windows and, yes, Flash and Java are both absent from my Windows 7 partition too. I haven't missed them.)
If you do get hit by this malware, you're holding the internet the wrong way.
"Java ... not endorsed as standard by the W3C"
And what exactly would it mean for the W3C to "endorsed Java as standard"? And what would it endorse? The Bytecode and Class file defintions? A particular implementation of a JVM? The Java language? Version 1.5 or 1.6? The whole Java library coaltrain? What?
Although there are some aspects where CLI is king, sometimes big-iron corporate firewalls with thousands of network objects, rules, access-lists and crypto-maps are easier to handle via GUI. For example Packet Tracer and Packet Capture Wizard are invaluable troubleshooting tools that require a GUI.
If you can infect a java system it is probably something that stays up for a long time and it you are better off re-infecting after a reboot than tipping-off AV or file integrity systems by trying to store something.
Probably aimed at small-medium corporate systems rather than the home pc or large-enterprise with IDS.
Of course, you restart your daemons regularly and use a SAN with r/o base systems and SAN mounted software installs so you can regularly check MD5 sums for malicious alterations, right?
Java got nuked off all my systems, after 2 drive-by downloads in the last 2 months. Both were stopped by the AV, but I'm still paranoid enough that I had to waste a few hours testing to make sure.
Both times I was on the most up-to-date build.
Does LibreOffice need Java, in the same way OpenOffice did? If so it might have to go back on the home PC - or I'll just use Google Docs for the very few times I need office-y stuff on it.
I've started using an iPad running OnLive Desktop when I need to go places on the web where I should really know better.
The iPad is pretty much immune to anything currently out there, and the OnLive server instance I have is locked down and it's system files can't be modified so it's pretty much immune too. I believe the OnLive images are killed and rebuilt every night anyway.
I admit it's not a replacement for a full PC setup, but I'm rapidly finding it my go-to solution for most things Internetty. Doesn't hurt that it gives me a 97Mbit download speed AND because the OnLive servers are based in the US, I can get Hulu and ABCPlayer wherever I am in the world.
Downside; you do need a decent internet connection to connect to OnIive, so not a permanent solution for most people.
Java is ubiquitous in the world these days for anything as it "makes the developer's life easy".
IBM use it in their product lines, Symantec use it, hell, every bugger uses it. To think of it as something for internet use is to understate the problem by several orders of magnitude.
And before people start wittering about Norton anti-virus, I'm referring to the enterprise level product lines there, stuff like Veritas.
The tendency here seems to be more Java as time goes on, not less, and it's everywhere.
Java is freaking everywhere in Enterprise. And you know why? Even though it is shite in so many ways it is easy to learn. Thus when you have damn near every CompSci grad and half the population of India with a basic knowledge of the language you can get by with paying crap wages to your coder drones.
How does this count as "not installing any files"? Sure, it doesn't install any of its own files, and it taken a somewhat indirect route to installing this one, but if it survives a reboot (which the article states is the point of the exercise) then that sounds a lot like a file to me.
Now I could imagine a virus whose author was sufficiently confident of his ability to re-infect you after the reboot, who therefore chose not to install any files so as to increase the chances of going undetected. That would be an impressive piece of chutzpah and newsworthy.
But this, I don't think so. On the evidence of this article, it is just another delivery mechanism for a bog-standard file-system-based Trojan.
It's worse than that, actually, in the sense of lame-press-release territory. It's nothing more than the way this stuff has always been done, for as long as malware has spread itself via the Internet. All those tasty buffer-overflow bugs, from back in 2000 or even earlier, allowed the malevolent server to plant code into the browser process, and for that code to download other code, either to memory or to files on disk.
Lame, lame, lame.
FAIL icon for the people making the announcement.
"That installation attempt is the malware’s key task, as living in RAM means fileless malware won’t survive a system reboot."
Well yeah! I was keenly reading , interested to find out how the malware got over that hurdle , to discover it does infact install some files, somebody else's code too.
so I'm not seeing the difference really.
That's what this version does.
What about the version that they haven't found yet, which just lives in RAM.
If it's pervasive enough then the botnet could just run in RAM.
And then when the JVM's die so too does that part of the botnet, so the body is dumped, no evidence.
http://www.theregister.co.uk/2003/01/27/sql_worm_slams_the_net/
January 2003: a RAM-resident worm attacking a patched vulnerability in Microsoft SQL Server. If you hadn't patched it, that is. Oh, and performing denial-of-service by drowning your network in infection attempts.
.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
