
Registry-Residing Malware Creates No File for Antivirus to Scan

Discussion in 'Security Updates' started by snoopy, Aug 4, 2014.

  1. snoopy

    A new form of persistent malware has been discovered, one which does not create any file on the disk and stores all activities in the registry.

    In a blog posted at the end of July, security researcher Paul Rascagneres of GData details the particularities of the new type of malware, dubbed Poweliks, whose methods he labels as “rather rare and new,” since everything is performed in the memory of the computer system and there are several layers of code to get through in order to avoid analysis.

    The attack vector is an email with a malcrafted Microsoft Word document attached. The vulnerability leveraged by the attackers is CVE-2012-0158, which affects Office and several other Microsoft products. It is not new, but many users are still using old versions of the software that could be compromised.

    Once the file is launched, the cybercriminals turn on the persistency feature of the malware by creating an encoded autostart key in the registry. It seems that the encoding technique used by the malware was originally created by Microsoft to safeguard their source code from being altered.

    More details & screenshot -
    http://news.softpedia.com/news/Regi...es-No-File-for-Antivirus-To-Scan-453374.shtml
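
A defender-side triage sketch for the persistence described in the post above, as an added example that is not part of the original post or the cited research: it flags autostart registry values that carry code in the value itself instead of naming a file on disk. The `#@~^` marker assumes the encoding mentioned is Microsoft Script Encoder; the thresholds, reason names and sample values are constructed for illustration.

```python
import re

# Assumption: the "encoding technique created by Microsoft" is Script Encoder,
# whose output starts with this marker.
ENCODED_MARKER = "#@~^"
# A normal autostart command names a file on disk (drive, %VAR% or UNC path).
FILE_REF = re.compile(
    r'(?i)(?:[a-z]:\\|%\w+%\\|\\\\)[^"<>|]*\.(?:exe|dll|bat|cmd|vbs|js|ps1|lnk|scr|com)\b')
# Long unbroken base64/hex-like run: a payload stored in the value itself.
BLOB = re.compile(r"[A-Za-z0-9+/=]{80,}")
MAX_COMMAND_LEN = 260  # hypothetical threshold (MAX_PATH); tune per fleet

def assess_autostart(data):
    """Return the reasons an autostart value looks like registry-resident code."""
    reasons = []
    if ENCODED_MARKER in data:
        reasons.append("encoded-script-marker")
    if not FILE_REF.search(data):
        reasons.append("no-file-on-disk")
    if len(data) > MAX_COMMAND_LEN:
        reasons.append("oversized-value")
    if BLOB.search(data):
        reasons.append("embedded-blob")
    return reasons

def scan(entries):
    """Map value name -> reasons, for flagged entries only."""
    return {n: r for n, d in entries.items() if (r := assess_autostart(d))}

def read_run_key():
    """Read the current user's Run key as {name: data} (Windows only)."""
    import winreg
    path = r"Software\Microsoft\Windows\CurrentVersion\Run"
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path) as key:
        count = winreg.QueryInfoKey(key)[1]
        values = (winreg.EnumValue(key, i) for i in range(count))
        return {name: str(data) for name, data, _type in values}

# Constructed sample values, not taken from any real system or malware sample.
SAMPLE = {
    "Updater": r'"C:\Program Files\Vendor\updater.exe" /background',
    "Tray": r"%windir%\system32\tray.exe",
    "(constructed)": "inline-script-placeholder " + ENCODED_MARKER + "QUJD" * 100,
}

if __name__ == "__main__":
    for name, reasons in scan(SAMPLE).items():
        print(name, reasons)
```

On a Windows host, `scan(read_run_key())` applies the same checks to the live per-user Run key; a flagged entry is a lead for manual review, not a verdict.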
     
