New Malware Type, Old Security Threat

Fileless Malware Installs Trojans Without Downloading

We’re all aware that viruses install themselves on our computers and then do something malicious. Now, however, researchers have discovered a virus that doesn’t install – a fileless malware. So what does this mean for computer security?

Fileless malware is pretty unique, and if this isn’t the only recorded instance, it is certainly a very rare method of exploiting computer security.

The strain discovered last week works by injecting an encrypted .dll (dynamic link library) file from the web directly into the memory of Java – a commonly used software platform (you probably have it). This means both Windows and Mac systems can be affected by the malware.

And because Java is viewed as a trusted process by the operating systems, it might be difficult for antivirus programs to find it. Uh-oh.

The upside to this type of virus (if there is one…) is that because the malware lives in your RAM rather than on your hard-drive, rebooting your computer will remove the infection.

In a sense, however, fileless malware is more like the needle of a syringe rather than a virus. The malware itself is annoying, but it won’t do any permanent damage.  The real danger lies in what the needle transmits. With this one, it’ll download and activate the Lurk trojan. Lurk is notorious for its concentration on stealing online banking information.

This particular needle isn’t very sharp, however, as the malware exploits a well-known Java vulnerability: CVE-2011-3544. Oracle has already patched that problem, so anyone with an up-to-date installation shouldn’t worry.

It has also only been detached on ads served up on Russian web sites, so the majority of the web should be safe.

Despite the relatively harmless nature of this malware on up-to-date computers, it shows that malware manufactures are always finding newer and newer ways of exploiting computer security. Do you still feel safe in this environment?