Explore the latest news and trends  

Sign up for our weekly security newsletter


Be the first to receive important updates on security





Send

Fresh Malware Hard for Detecting while it Conceals Inside Memory

 

DNSMessenger a PowerShell Trojan created to attack Windows PCs was recently discovered as it utilized Domain Name Service (DNS) for exchanging messages - the Internet's turning point. There are hardly any PC operators who while blocking DNS do
not get into other troubles, while strange data traffic would pass unnoticed under their very eyes. Exploitation of DNS is not wholly unknown, yet DNSMessenger implements a highly unusual dual-side strategy which both issues instructions to victim computers as well as transmits results onto the remote attacker.

 

When an unwitting user views the file, it, while posing as one protected document that McAfee Security safeguarded, directs that the user must re-click for seeing the matter inside the file but in reality the file is empty. Meanwhile, the re-click runs the file's malevolent script that ultimately compromises the user's PC.

 

The script doesn't get written to hard drive of the victim's PC rather it does whatever it's created to do in memory so it can't be detected. The PowerShell malware's second stage form gets saved inside Alternate Data Stream in conjunction with a file system called NTFS else straight into the registry followed with the malware's third stage form making message interchanges with certain C&C server through the DNS. Originally domain name system service is utilized for checking out the IP addresses that pertain to domain names; however, within the current instance, it's utilized for letting text messages through. Siliconangle.com posted this online dated March 5, 2017.

 

According to Talos team, its members couldn't get the command and control system to issue instructions to them when they were doing a testing. Actually, the attack is highly personalized therefore possibly the attackers' C&C instructions may get issued solely for the intended targets.

 

The malicious script is presently disseminated within Word files whose contents are specially coded, while Cisco lately introduced 'Umbrella' a product particularly created for overcoming DNS-based assaults similar to the above. Despite so, assaults can get really treacherous, while as users do not normally possess corporate tools say for instance Umbrella, extra caution is yet required while handling Word documents obtained online.

» SPAMfighter News - 3/9/2017

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page
Next