What is it?
Ransomware has enjoyed a lot of media attention this year, but there is a new entrant that is poised to take over. It is called fileless malware. According to cyber security specialists, this type of threat is very deceptive and highly effective in executing whatever task it was designed for. It has proven invisible for most antivirus software and protection programs. However, there are some IT products that can actually get rid of it.
Explanation
Fileless malware is a type of virus that invades a system without leaving behind any file on the hard drive. It is not referred to as fileless because it doesn’t have files, rather the reference means that it can interfere with the system without dropping any suspicious file onto a computer’s hard drive.
Instead of being stored on the hard drive, the virus hides in the RAM and Windows Registry. Since the RAM allows data to be stored temporarily, some parts of the virus can embed themselves and stay there without going to the hard disk. This kind of virus is very rare to find since it can remains active only before you restart or shut down your computer.
The fileless virus in the Windows Registry is a hybrid version of the one stored in the RAM. The Windows Registry stores a variety of settings that help Windows to run smoothly. The virus uses native Windows applications like Windows Management Instrumentation (WMI) and PowerShell to deliver its payload.
How It Works
The infection begins when you are browsing. While navigating the web looking at pictures, reading funny stories and watching videos, you visit a site that happens to be having an exploit kit. The kit then scans the browser you are using to check if there are outdated plugins like Adobe, Java, etc. The kit tries to exploit the security loopholes in these outdated plugins. If it succeeds, the kit begins to run the malware’s payload into the memory of your computer. Your computer becomes completely infected.
How to Protect Yourself
Fileless virus can be very troublesome. Luckily, there are a number of precautions you can take to prevent infections. Update all your applications and operating systems with the latest security patches. Over 85 percent of infections can be prevented through regular updates. If you cannot keep up with the updates, set your applications to update automatically.
Disable Windows PowerShell to prevent task automation and configuration. Task automation and configuration makes the system to become more vulnerable to attacks.
Apart from disabling Windows PowerShell and updating your applications regularly, you need to use an antivirus that can detect abnormal behaviors and monitor traffic logs for suspicious activities. An antivirus that is capable of identifying strange behaviors will detect malicious activities and immediately block or remove them.
How to Know if Your Current Antivirus Is Enough
The narrative that fileless virus is invisible to traditional antivirus applications is just a mere sales hype. Though it is not stored on a hard drive, there are many IT solutions you can use to reveal and remove the it, regardless where it is. Most of these solutions are available online for a small amount of money.
