Kaspersky finds Malware Sans File Installation Function
Researchers from the security company Kaspersky say they have discovered malicious software that, quite unusually, doesn't write any file to the infected computer.
While not really sure just how unusual this is, the researchers stated that the malware was not just unique but extremely rare too. Regardless of how rare it is, the malware is undoubtedly nasty, since, using its payload, it injects an encrypted Dynamic Link Library (DLL) delivered via the Web straight into the memory of the javaw.exe process. This method of operation means that both Mac and Windows OS are affected by attack code that most anti-virus applications find difficult to detect, because it runs inside a trusted process, the researchers contended.
Essentially, as soon as the malware gets past the computer's defenses, it attempts to attack Windows User Account Control (UAC) in order to plant a Trojan called Lurk and to connect to a related botnet. Planting Lurk is the malware's main job because malware without a file resides only in Random Access Memory (RAM) and so won't survive a restart of the system.
The malicious program manages to do so by exploiting the well-known Java vulnerability CVE-2011-3544, Kaspersky's researchers point out, adding that a patch for it has nonetheless long been available.
Kaspersky remarks that, based on an assessment of the components Lurk uses, its researchers now know in detail how the malware works: it captures end-users' highly confidential information in order to gain access to their online sessions with many prominent Russian banks.
Nevertheless, according to Kaspersky Lab researcher Sergey Golovanov, it can't be said that the same attack code or the same fileless bot won't be used to attack people elsewhere in the world. In fact, they can be distributed through the same type of teaser networks or banners even outside Russia. More malicious programs besides Trojan-Spy.Win32.Lurk can be expected to be used in the process, Golovanov cautions. Securelist.com published this on March 16, 2012.
Meanwhile, according to Kaspersky, consumers can avoid the threat by deploying the patch for the CVE-2011-3544 security flaw in Java, which is presently also the sole solution.
» SPAMfighter News - 24-03-2012