Kaspersky discovers fileless malware inside Windows Event logs
By MYBRANDBOOK
Kaspersky recently published a detailed analysis of a complex attack that combined several techniques and pieces of software, and singled out the use of Windows event logs to store the payload as something it had not seen before.
The Windows event log and Event Viewer are meant to help users diagnose security issues and other problems on their PCs. Kaspersky researchers, however, encountered an attacker who turned the event log itself against the target: the attacker inserted shellcode into the target's Windows event logs, leaving no files on disk for antivirus to detect.
For the last stage, the attackers used two types of Trojan to gain further access to the system, delivered by two different methods: one communicating over HTTP, the other using named pipes.
In the HTTP method, the malware was hidden among the Windows system files as a duplicate of an existing file with “1.1” appended to its name; that copy is the malicious version of the file.
The other method is the named-pipes-based Trojan, which locates the Microsoft Help Data Services Module library among the Windows OS files and overwrites an existing file with a malicious version capable of executing a series of commands. Once the malicious version runs, it collects the victim device's architecture and Windows version information.
Denis Legezo, lead security researcher at Kaspersky, said: “We witnessed a new targeted malware technique that grabbed our attention. For the attack, the actor kept and then executed an encrypted shellcode from Windows event logs. That’s an approach we’ve never seen before and highlights the importance of staying aware of threats that could otherwise catch you off guard. We believe it’s worth adding the event logs technique to MITRE Matrix’s Defense Evasion and Hide Artifacts section. The usage of several commercial pentesting suites is also not the kind of thing you see every day.”
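The technique described above leaves no file on disk, so a defender's first check is the event log itself: entries whose message body is an opaque, high-entropy hex or base64 run rather than readable text. The following is an added example, not code from Kaspersky or from this article, and it makes assumptions of its own: the sample event records are constructed inline (the provider name ExampleProvider and the payload bytes are invented), and the run-length and entropy thresholds are heuristic choices, not values from the report. On a real host the same check would be fed from an export produced by `wevtutil` or `Get-WinEvent`.

```python
import base64
import math
import random
import re

# Constructed sample records (not taken from the Kaspersky report). They mimic
# the provider / event id / message fields of an exported Windows event entry.
_rng = random.Random(20220504)                            # fixed seed: reproducible sample
_blob = bytes(_rng.getrandbits(8) for _ in range(512))    # stand-in for opaque payload bytes

SAMPLE_EVENTS = [
    {"record_id": 101, "provider": "Service Control Manager", "event_id": 7036,
     "message": "The Windows Update service entered the running state."},
    {"record_id": 102, "provider": "ExampleProvider", "event_id": 1000,
     "message": "Status: " + _blob.hex()},                       # hex-encoded opaque run
    {"record_id": 103, "provider": "ExampleProvider", "event_id": 1000,
     "message": base64.b64encode(_blob).decode("ascii")},        # base64-encoded opaque run
    {"record_id": 104, "provider": "Application", "event_id": 1,
     "message": "Padding field: " + "A" * 400},                  # long but low-entropy: benign
    {"record_id": 105, "provider": "Microsoft-Windows-Security-Auditing", "event_id": 4624,
     "message": "An account was successfully logged on. "
                "Logon GUID: {3a4f6c2e-8b1d-4e3a-9f2c-1d5e6a7b8c9d}"},
]

# Assumed thresholds (heuristic, not from the report). Random hex approaches
# log2(16) = 4 bits/char, random base64 approaches log2(64) = 6 bits/char.
MIN_RUN_LEN = 200
HEX_ENTROPY_THRESHOLD = 3.5
B64_ENTROPY_THRESHOLD = 5.0

_RUN = re.compile(r"[A-Za-z0-9+/=]{%d,}" % MIN_RUN_LEN)   # unbroken hex/base64-alphabet run
_HEX = re.compile(r"[0-9A-Fa-f]+")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def suspicious_run(message: str):
    """Return (run, encoding, entropy) for the first opaque run in message, else None.

    A run is only flagged if it is both long and high-entropy, so a long field of
    repeated padding characters (record 104 above) is not reported.
    """
    for m in _RUN.finditer(message):
        run = m.group(0)
        if _HEX.fullmatch(run):
            encoding, threshold = "hex", HEX_ENTROPY_THRESHOLD
        else:
            encoding, threshold = "base64", B64_ENTROPY_THRESHOLD
        ent = shannon_entropy(run)
        if ent >= threshold:
            return run, encoding, ent
    return None


def scan_events(events):
    """Return one finding per event whose message carries an opaque payload run."""
    findings = []
    for ev in events:
        hit = suspicious_run(ev["message"])
        if hit is None:
            continue
        run, encoding, ent = hit
        findings.append({
            "record_id": ev["record_id"],
            "provider": ev["provider"],
            "event_id": ev["event_id"],
            "encoding": encoding,
            "run_length": len(run),
            "entropy": round(ent, 2),
        })
    return findings


if __name__ == "__main__":
    for f in scan_events(SAMPLE_EVENTS):
        print(f)
```

Records 102 and 103 are reported; 104 is not, because its 400-character run has zero entropy, and 101 and 105 never contain a run of the required length. Alerting on the provider and event id pair that carries such runs, rather than on the run alone, is what makes the finding actionable, since a legitimate source that logs binary status data will do so consistently and can be allow-listed.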