Duqu 2.0 is a strain of clever, nearly undetectable malware, derived from Stuxnet, that stays resident in its hosts' memory without ever writing persistent files to the system's drives.
Kaspersky Lab is about to publish a new report about the prevalence of file-less malware in 140 known banks and other firms in 40 countries -- and since this kind of malware is so hard to detect, Kaspersky estimates that the true infection rate is much higher.
Kaspersky isn't sure how the malware spreads.
The researchers first discovered the malware late last year, when a bank's security team found a copy of Meterpreter—an in-memory component of Metasploit—residing inside the physical memory of a Microsoft domain controller. After conducting a forensic analysis, the researchers found that the Meterpreter code was downloaded and injected into memory using PowerShell commands. The infected machine also used Microsoft's NETSH networking tool to transport data to attacker-controlled servers. To obtain the administrative privileges necessary to do these things, the attackers also relied on Mimikatz. To reduce the evidence left in logs or hard drives, the attackers stashed the PowerShell commands into the Windows registry.
Fortunately, the evidence on the domain controller was intact, presumably because it hadn't been restarted before Kaspersky Lab researchers began their investigation. An analysis of the dumped memory contents and the Windows registries allowed the researchers to restore the Meterpreter and Mimikatz code. The attackers, the researchers later determined, had used the tools to collect passwords of system administrators and for the remote administration of infected host machines.
A rash of invisible, fileless malware is infecting banks around the globe
[Dan Goodin/Ars Technica]
Over at XKCD, Randall Munroe's predicted the Critical Vulnerabilities and Exposures for 2018, with some pretty solid predictions (especially under the tooltip, which finally reveals a secret that many of us have kept mum about for literal decades -- damn you, Munroe!).
It's been less than a year since a public-spirited hacker broke into the servers of Florida stalkerware vendor Retina-X, wiping out all the photos and data the company's customers had stolen from other peoples' phones (including their kids' phones) by installing the spying apps Phonesheriff on them.
A pair of researchers from Toronto's storied Citizen Lab (previously) have written an eye-opening editorial and call to action on the ways that repressive states have used the internet to attack dissidents, human rights advocates and political oppositions -- and how the information security community and tech companies have left these people vulnerable.
Trains may not be the most popular means of conveyance nowadays, but chances are you grew up playing with toy trains or building a model set to wrap around the Christmas tree. In either case, it’s safe to say that locomotives have long carried a unique sense of awe and scale, especially when they’re hundreds […]
When it comes to redesigning or renovating a living space, envisioning changes before they occur can be tricky for most. Thankfully, the web is home to tools that can remove some of the guesswork, like Live Home 3D Pro for Mac. This app lets you create detailed and furnished floor plans for everything from sheds and […]
For many startups and fledgling businesses, web hosting — and the fees associated with it — can take a sizeable chunk out of the company budget and limit growth down the road. But, that’s not to say there aren’t hosts out there who can get your site online while staying within your budget. Arch Hosting is a […]