Duqu 2.0 is a strain of clever, nearly undetectable malware, derived from Stuxnet, that stays resident in its hosts' memory without ever writing persistent files to the system's drives.
Kaspersky Lab is about to publish a new report about the prevalence of file-less malware in 140 known banks and other firms in 40 countries -- and since this kind of malware is so hard to detect, Kaspersky estimates that the true infection rate is much higher.
Kaspersky isn't sure how the malware spreads.
The researchers first discovered the malware late last year, when a bank's security team found a copy of Meterpreter—an in-memory component of Metasploit—residing inside the physical memory of a Microsoft domain controller. After conducting a forensic analysis, the researchers found that the Meterpreter code was downloaded and injected into memory using PowerShell commands. The infected machine also used Microsoft's NETSH networking tool to transport data to attacker-controlled servers. To obtain the administrative privileges necessary to do these things, the attackers also relied on Mimikatz. To reduce the evidence left in logs or hard drives, the attackers stashed the PowerShell commands into the Windows registry.
Fortunately, the evidence on the domain controller was intact, presumably because it hadn't been restarted before Kaspersky Lab researchers began their investigation. An analysis of the dumped memory contents and the Windows registries allowed the researchers to restore the Meterpreter and Mimikatz code. The attackers, the researchers later determined, had used the tools to collect passwords of system administrators and for the remote administration of infected host machines.
A rash of invisible, fileless malware is infecting banks around the globe
[Dan Goodin/Ars Technica]
For $170, Motherboard’s Joseph Cox bought SpyPhone Android Rec Pro, an Android app that you have to sideload on your target’s phone (the software’s manufacturer sells passcode-defeating apps that help you do this); once it’s loaded, you activate it with an SMS and then you can covertly operate the phone’s mic, steal its photos, and […]
Some employees with the U.S. Department of Homeland Security who work in the Washington, D.C. area and in Philadelphia, PA were unable to access the DHS computer network on Tuesday, reports Reuters, citing “three sources familiar with the matter.”
A huge coalition of human rights groups, trade groups, civil liberties groups, and individual legal, technical and security experts have signed an open letter to the Department of Homeland Security in reaction to Secretary John Kelly’s remarks to House Homeland Security Committee earlier this month, where he said the DHS might force visitors to America […]
Making people aware of goods and services in the digital age requires an array of new strategies from social media and email to number-crunching tools like Google Analytics. To get a handle on the techniques used to capture attention and convert traffic into dollars in a crowded online environment, the Full-Stack Marketer Bundle offers 22 hours of training to get […]
Having a luxurious bed isn’t just a fairy tale from a catalog; it is a real, affordable possibility with offerings like this Olive+Owen bedroom set. If you’re thinking of doing some “spring cleaning”, this bed set is an easy way to completely upgrade your room in one purchase.This 20-piece collection has all of the expected slumberland elements, […]
Python is immensely popular in the data science world for the same reason it is in most other areas of computing—it has highly readable syntax and is suitable for anything from short scripts to massive web services. One of its most exciting, newest applications, however, is in machine learning. You can dive into this booming […]