Duqu 2.0 is a strain of clever, nearly undetectable malware, derived from Stuxnet, that stays resident in its hosts' memory without ever writing persistent files to the system's drives.
Kaspersky Lab is about to publish a new report about the prevalence of file-less malware in 140 known banks and other firms in 40 countries -- and since this kind of malware is so hard to detect, Kaspersky estimates that the true infection rate is much higher.
Kaspersky isn't sure how the malware spreads.
The researchers first discovered the malware late last year, when a bank's security team found a copy of Meterpreter—an in-memory component of Metasploit—residing inside the physical memory of a Microsoft domain controller. After conducting a forensic analysis, the researchers found that the Meterpreter code was downloaded and injected into memory using PowerShell commands. The infected machine also used Microsoft's NETSH networking tool to transport data to attacker-controlled servers. To obtain the administrative privileges necessary to do these things, the attackers also relied on Mimikatz. To reduce the evidence left in logs or hard drives, the attackers stashed the PowerShell commands into the Windows registry.
Fortunately, the evidence on the domain controller was intact, presumably because it hadn't been restarted before Kaspersky Lab researchers began their investigation. An analysis of the dumped memory contents and the Windows registries allowed the researchers to restore the Meterpreter and Mimikatz code. The attackers, the researchers later determined, had used the tools to collect passwords of system administrators and for the remote administration of infected host machines.
A rash of invisible, fileless malware is infecting banks around the globe
[Dan Goodin/Ars Technica]
Amanda Rousseau’s self-learning materials for her Malware Unicorn workshop are a fantastic introduction to understanding and analyzing malware, covering the techniques used by malware authors, reverse-engineering tools, and three kinds of analysis: triage, static and dynamic.
Police who rely on vulnerabilities in crooks’ devices are terminally compromised; the best way to protect crime-victims is to publicize and repair defects in systems, but every time a hole is patched, the cops lose a tool they rely on the attack their own adversaries.
Software can be thought of as a system for encapsulating the expertise of skilled practitioners; translate the hard-won expertise of a machinist or a dental technician or a bookkeeper into code, and people with little expertise in those fields can recreate many of the feats of the greatest virtuosos, just by hitting Enter.
Thread count isn’t like one of those deceiving metrics like camera megapixels or Facebook friends—more threads are always better if you can afford them. If price was no object, we would all be snoozing soundly bundled up in 1.8 kilo-thread sheets every single night. Guess what? Price doesn’t have to be an object with this […]
Maybe it’s entirely because of podcast ads, but drag-and-drop tools like Squarespace have gotten immensely popular in recent years. While it’s definitely a great tool for any non-coders who want to get a small website up and running quickly, managing content with a primarily visual interface can become a pain once you have more than […]
When you can’t wait for the world’s longest meeting to end, the mindless leg bouncing makes your boredom obvious and just annoys everybody else. Everyone knows the TPS reports need the damn cover sheet, but some sadistic colleague keeps forgetting, probably on purpose just to eat into your lunch hour. Enough is enough!While serving a […]