Introduction to Fileless Malware

Fileless malware is a type of cyber attack that does not rely on the traditional method of installing a malicious executable on the victim's computer. Instead, it abuses legitimate system tools and functions to carry out malicious actions, which makes it difficult to detect and prevent with tools that look for malicious files.


Fileless malware attacks often start with a phishing email or another social engineering technique that tricks the victim into clicking a malicious link or opening a malicious attachment. This triggers a chain of events that ultimately leads to the execution of the fileless payload.


One common method fileless malware uses is to leverage Windows Management Instrumentation (WMI) or PowerShell to execute malicious code in memory. These are legitimate, built-in components of the Windows operating system that administrators routinely use for system administration and automation. Because the code runs inside trusted tools and never touches disk as a separate file, the malware can evade traditional security software that is designed to scan for malicious files on the system.
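WMI is not only an execution engine; it also offers permanent event subscriptions that run a command or script when a system event fires, which is why defenders audit the `root/subscription` namespace. The following script is an added example written for this post, not code from the original article or from any particular product. It lists every filter-to-consumer binding and flags consumers whose payload invokes a script interpreter; the interpreter pattern is an assumption you should tune for your environment, and the script should be run from an elevated PowerShell session.

```powershell
# Added example (not part of the original post): enumerate WMI permanent event
# subscriptions and flag consumers that launch script interpreters.
# The pattern below is an assumption; extend it to match your environment.
$SuspiciousPattern = 'powershell|pwsh|wscript|cscript|mshta|regsvr32|rundll32|cmd\.exe'

function Get-RefName {
    # Get-CimInstance returns reference properties as CimInstance objects,
    # while older WMI output returns a string such as __EventFilter.Name="foo".
    param($Ref)
    if ($Ref -is [string]) { return ($Ref -replace '^.*Name="([^"]*)".*$', '$1') }
    return $Ref.Name
}

function Get-WmiPersistence {
    [CmdletBinding()]
    param()

    $ns        = 'root/subscription'
    $filters   = @(Get-CimInstance -Namespace $ns -ClassName __EventFilter -ErrorAction SilentlyContinue)
    $consumers = @(Get-CimInstance -Namespace $ns -ClassName __EventConsumer -ErrorAction SilentlyContinue)
    $bindings  = @(Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding -ErrorAction SilentlyContinue)

    foreach ($b in $bindings) {
        $filterName   = Get-RefName $b.Filter
        $consumerName = Get-RefName $b.Consumer
        $f = $filters   | Where-Object Name -eq $filterName
        $c = $consumers | Where-Object Name -eq $consumerName

        # Only these two consumer classes execute arbitrary code; the others
        # (log, SMTP, NT event) are informational.
        $payload = switch ($c.CimClass.CimClassName) {
            'CommandLineEventConsumer'  { $c.CommandLineTemplate }
            'ActiveScriptEventConsumer' { if ($c.ScriptText) { $c.ScriptText } else { $c.ScriptFileName } }
            default                     { '' }
        }

        [pscustomobject]@{
            Filter       = $filterName
            Query        = $f.Query
            Consumer     = $consumerName
            ConsumerType = $c.CimClass.CimClassName
            Payload      = $payload
            Suspicious   = [bool]($payload -match $SuspiciousPattern)
        }
    }
}

# Usage: review anything marked Suspicious first, then verify the remaining
# bindings against the software inventory (some management agents use them legitimately).
Get-WmiPersistence | Sort-Object Suspicious -Descending | Format-Table -AutoSize -Wrap
```

A binding whose filter or consumer no longer resolves will show empty Query or ConsumerType fields; that is worth a look too, since partially removed persistence is a common remnant of a cleanup attempt.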



Another method used by fileless malware is to leverage the Windows registry to execute malicious code. The registry is the database of system and application settings stored on the computer. Fileless malware can add a registry entry that points to, or directly contains, the malicious code, which is then executed when the system or an application reads that entry.
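The paragraph above describes the registry as a launch point, so the natural defensive check is to audit the autorun keys that Windows reads at logon. This is an added example written for this post, not code from the original article; the list of keys, the 512-character length threshold and the regular expressions are assumptions to adjust. It reports values that invoke a script interpreter, carry a Base64-encoded PowerShell command, or are unusually long (a sign that the value holds script rather than a path).

```powershell
# Added example (not part of the original post): audit common autorun registry
# keys for values that look like script launchers rather than program paths.
# Key list, patterns and length threshold are assumptions; tune them locally.
$AutorunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

$InterpreterPattern = 'powershell|pwsh|wscript|cscript|mshta|regsvr32|rundll32|cmd\.exe'
# -match is case-insensitive, so -EncodedCommand, -enc and -e are all caught.
$EncodedPattern     = '-(e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}'
$MaxNormalLength    = 512

function Test-AutorunValue {
    # Returns the list of reasons a value is suspicious; empty means nothing found.
    param([string]$Data)
    $reasons = @()
    if ($Data -match $InterpreterPattern)      { $reasons += 'script interpreter' }
    if ($Data -match $EncodedPattern)          { $reasons += 'encoded command' }
    if ($Data.Length -gt $MaxNormalLength)     { $reasons += 'unusually long value' }
    return $reasons
}

function Get-AutorunFindings {
    foreach ($key in $AutorunKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            # Read the raw data without expanding %VARIABLES%, so the stored text is inspected.
            $data    = [string]$item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            $reasons = @(Test-AutorunValue -Data $data)
            if ($reasons.Count -gt 0) {
                [pscustomobject]@{
                    Key     = $key
                    Name    = $name
                    Data    = $data
                    Reasons = ($reasons -join ', ')
                }
            }
        }
    }
}

# Usage: run per user profile as well, since HKCU only covers the current account.
Get-AutorunFindings | Format-List
```

Legitimate software sometimes launches through rundll32 or a short PowerShell command, so the output is a triage list rather than a verdict; compare each hit against a known-good baseline taken from a clean build.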


Fileless malware can also use legitimate third-party applications, such as web browsers or productivity software, to execute malicious code. For example, an attack may use a browser plugin to inject malicious code into a legitimate website, and that code is then executed when the victim visits the site.


Fileless malware can be difficult to detect and remove because it leaves no malicious file on the victim's disk. Traditional security software that is designed to scan for and remove malicious files will therefore not detect or remove it.


To defend against fileless malware attacks, it is essential to take a multi-layered approach to security. This combines preventative measures, such as training employees to recognize phishing emails and other social engineering tactics, with detective measures, such as network monitoring and intrusion detection systems. It is also essential to keep all system and application software up to date with the latest security patches, so that fileless malware cannot exploit known vulnerabilities to gain its initial foothold.


In conclusion, fileless malware is a cyber attack that uses legitimate system tools and functions to carry out malicious actions, making it difficult to detect and prevent. Defending against it requires a multi-layered approach that combines preventative and detective measures and keeps all system and application software up to date with the latest security patches.



© 2018 Dr. Chaos 