Slashdot Mirror

← Back to Stories (view on slashdot.org)

Java Web Attack Installs Malware In RAM

Posted by Soulskill on from the movin'-on-up dept.

snydeq writes "A hard-to-detect piece of malware that doesn't create any files on the affected systems was dropped onto the computers of visitors to popular news sites in Russia in a drive-by download attack, according to Kaspersky Lab. 'What's interesting about this particular attack is the type of malware that was installed in cases of successful exploitation: one that only lives in the computer's memory. ... It's ideal to stop the infection in its early stages, because once this type of "fileless" malware gets loaded into memory and attaches itself to a trusted process, it's much harder to detect by antivirus programs.'"

2 of 98 comments (clear)

  1. It doesn't by improfane · · Score: 5, Informative

    It doesn't have to. It contacts the C&C server where someone presumably decides whether to install further bots or more resident exploits.

    The exploit seems to be more about stealth distribution and about dropping other malware. This makes sense because if a dropper is detected as malicious, it becomes useless due to its detection. (You can safely assume anything using a dropper is malicious)

    This means that anti virus software should in theory only be able to detect the actual dropped malware. Any new malware could have had a field day with this exploit because both the dropper and malware would not have been detected.

    From my understanding of the article it actually dropped the Lurk trojan but I get the feeling it could drop anything the C&C wants it to.

    --
    Slashdot needs Geekcode | Can anyone recommend any good SCIFI? My tastes: Foundation, Startide Rising, CITY, Ringworld,
  2. Re:Ctrl-Alt-Del by gstoddart · · Score: 5, Informative

    In this case it's more general, you have to press the reset button which is the most frequent solution to any computer problem on any platform.

    Oh, if only that weren't true.

    My wife does enterprise storage, used to do backups ... occasionally a server gets out of whack, and has all sorts of problems. Eventually she or someone on her team ends up saying "can we just reboot it?". This is usually after several days of troubleshooting and huge amounts of time spent.

    It fixes a vast amount of issue in which nobody can identify what's going wrong. Though, it makes any proper form of root-cause impossible to track down. I've heard this referred to as "The Microsoft Patch".

    I also know some old-school UNIX admins and mainframe guys who cringe at the notion that a reboot can be a viable way of troubleshooting/making the problem go away. Because they don't reboot unless God himself has filled out all of the right paperwork, and only then if he's got a really good reason and there are no alternatives.

    --
    Lost at C:>. Found at C.