10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.97 High
EPSS
Percentile
99.6%
Kaspersky finds Malware that resides in your RAM
Kaspersky Lab researchers have discovered a drive-by download attack that evades hard-drive checkers by installing malware that lives in the computerโs memory. The โfilelessโ bot is more difficult for antivirus software to detect, and resides in memory until the machine is rebooted.
This Malware doesnโt create any files on the affected systems was dropped on to the computers of visitors to popular news sites in Russia in a drive-by download attack.Drive-by download attacks are one of the primary methods of distributing malware over the web. They usually exploit vulnerabilities in outdated software products to infect computers without requiring user interaction.
The attack code loaded an exploit for a known Java vulnerability (CVE-2011-3544), but it wasnโt hosted on the affected websites themselves. Once the malware infected a Microsoft machine, the bot disabled User Account Control, contacted a command and control server and downloaded the โLurkโ Trojan. The malware also attacked Apple devices.
The Java exploitโs payload consisted of a rogue DLL that was loaded and attached on the fly to the legitimate Java process.Normally this malware is rare, because it dies when the system is rebooted and the memory is cleared. But the hackers do not really care because there is a good chance that most victims would revisit the infected news websites.Once the malicious DLL loaded into memory it sends data and receives instructions from a command and control server over HTTP.