New Malware Hard to Detect as It Hides in Memory
DNSMessenger, a PowerShell Trojan built to attack Windows PCs, was recently discovered using the Domain Name System (DNS), one of the Internet's cornerstones, to exchange messages. There are hardly any PC operators who while blocking DNS do
When an unwitting user opens the file, it poses as a document protected by McAfee Security and tells the user to click again to see the content, but in reality the file is empty. The second click runs the file's malicious script, which ultimately compromises the user's PC.
The script is never written to the victim's hard drive; it does its work entirely in memory, which is what makes it hard to detect. The second stage of the PowerShell malware is stored either in an NTFS Alternate Data Stream or directly in the registry, and the third stage exchanges messages with a command-and-control (C&C) server over DNS. DNS is normally used to look up the IP addresses that belong to domain names; in this case it is used to carry text messages. Siliconangle.com reported this on March 5, 2017.
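As an added defender-side example (not part of the article or of any Talos or Cisco tooling), the following Python script scans DNS resolver log lines for the pattern described above: one client sending many TXT queries whose leftmost labels are long and high-entropy, all under a single domain. The log format, the thresholds and the domain names are assumptions; the log lines are constructed.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log (not from the article):
# "<timestamp> <client_ip> <query_name> <qtype>"
SAMPLE_LOG = """\
2017-03-05T10:00:01 10.0.0.5 www.example.com A
2017-03-05T10:00:02 10.0.0.5 mail.example.com MX
2017-03-05T10:00:03 10.0.0.7 k3j9x1q8v2.cmd.badexample.net TXT
2017-03-05T10:00:04 10.0.0.7 p7z2m4n9t1.cmd.badexample.net TXT
2017-03-05T10:00:05 10.0.0.7 a9f3w8e5r2.cmd.badexample.net TXT
2017-03-05T10:00:06 10.0.0.7 s6d1g7h4j0.cmd.badexample.net TXT
2017-03-05T10:00:07 10.0.0.7 q2w5e8r1t4.cmd.badexample.net TXT
2017-03-05T10:00:08 10.0.0.9 _dmarc.example.com TXT
"""


def shannon_entropy(s):
    """Bits of entropy per character; encoded data scores higher than words."""
    n = len(s)
    counts = Counter(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def base_domain(name):
    """Crude registrable-domain approximation: the last two labels (assumption)."""
    parts = name.rstrip(".").split(".")
    return ".".join(parts[-2:])


def parse(log):
    """Yield (client, query_name, qtype) from the assumed log format."""
    for line in log.splitlines():
        _ts, client, qname, qtype = line.split()
        yield client, qname.lower(), qtype


def find_suspect_tunnels(log, min_labels=4, min_entropy=3.0, min_len=8):
    """Return {(client, base_domain): distinct suspicious labels} for clients
    whose TXT queries carry many long, high-entropy leftmost labels under
    one domain, the shape a DNS message channel leaves in resolver logs."""
    hits = defaultdict(set)
    for client, qname, qtype in parse(log):
        if qtype != "TXT":
            continue
        label = qname.split(".")[0]
        if len(label) >= min_len and shannon_entropy(label) >= min_entropy:
            hits[(client, base_domain(qname))].add(label)
    return {k: len(v) for k, v in hits.items() if len(v) >= min_labels}


if __name__ == "__main__":
    for (client, domain), n in find_suspect_tunnels(SAMPLE_LOG).items():
        print(f"{client} sent {n} suspicious TXT queries under {domain}")
```

Legitimate TXT lookups such as `_dmarc.example.com` fall below the length and entropy thresholds, so only the client hammering one domain with encoded-looking labels is reported.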
According to the Talos team, its members could not get the command-and-control system to issue instructions to them during testing. The attack is highly targeted, so the attackers' C&C instructions may be issued only to the intended victims.
The malicious script is currently distributed in specially crafted Word files. Cisco recently introduced 'Umbrella', a product built specifically to counter DNS-based attacks like this one. Even so, such attacks can be very dangerous, and since ordinary users do not normally have corporate tools like Umbrella, extra caution is still required when handling Word documents obtained online.
» SPAMfighter News - 09-03-2017