Evolution of Malware Continues

Wednesday, December 16, 2015 @ 11:12 AM gHale

There has been an increase in two types of malicious campaigns over the past month, one using macro-based malware, and one using fileless, in-memory malware, according to a new report.

Macro malware is a very old type of malware that first arrived on the scene back in the ‘90s, said researchers at Intel Security in a just-released McAfee Labs Quarterly Threat Report. A macro is a recorded set of operations that can be triggered by the push of a button.

Macros are commonly used in enterprise software, where employees rely on them to automate repetitive tasks. In recent years, office software has given macros more wide-reaching access to the computer, allowing them to interact with lower-level PC features rather than just the office software itself.

For this reason, attackers have increased their use of macro-based malware, spreading it via weaponized Word documents.

The documents reach victims via spear phishing or spam campaigns, and once opened they prompt the user to enable macro support. As soon as the user does, the malware executes automatically and compromises the PC.
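Because the documents described above have to carry a VBA project to do anything once macros are enabled, a mail gateway can triage Office attachments for the presence of one before a user ever sees the enable-macros prompt. The following is an added example, not code from the report or from Intel Security; it inspects an OOXML archive for a VBA part and flags files whose extension (e.g. .docx) does not admit that they contain macros. The sample archives are constructed in memory and are not real documents.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Content type OOXML declares for an embedded VBA project (per the OOXML / MS-OVBA specs).
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
VBA_PARTS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")
MACRO_EXTENSIONS = (".docm", ".dotm", ".xlsm", ".xltm", ".pptm", ".potm")

def inspect_office_document(data: bytes, filename: str) -> dict:
    """Triage an attachment: is it OOXML, does it carry a VBA project, and
    does the file extension admit that it does? Returns a dict of findings."""
    result = {"is_ooxml": False, "has_vba_part": False,
              "declares_vba": False, "extension_mismatch": False}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return result                     # not a zip container, so not OOXML
    names = set(zf.namelist())
    if "[Content_Types].xml" not in names:
        return result
    result["is_ooxml"] = True
    result["has_vba_part"] = any(p in names for p in VBA_PARTS)
    # [Content_Types].xml maps every part to its MIME type; a VBA project is declared there.
    root = ET.fromstring(zf.read("[Content_Types].xml"))
    result["declares_vba"] = any(el.get("ContentType") == VBA_CONTENT_TYPE for el in root.iter())
    macro_ext = filename.lower().endswith(MACRO_EXTENSIONS)
    # A macro payload inside a file named like a macro-free document is a classic phishing tell.
    result["extension_mismatch"] = (result["has_vba_part"] or result["declares_vba"]) and not macro_ext
    return result

def build_sample(with_macro: bool) -> bytes:
    """Constructed, minimal OOXML-shaped archive for offline testing (not a real document)."""
    types = ['<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">',
             '<Override PartName="/word/document.xml" ContentType="application/xml"/>']
    if with_macro:
        types.append('<Override PartName="/word/vbaProject.bin" ContentType="%s"/>' % VBA_CONTENT_TYPE)
    types.append("</Types>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "".join(types))
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)   # placeholder bytes, not a real VBA project
    return buf.getvalue()

if __name__ == "__main__":
    print(inspect_office_document(build_sample(True), "invoice.docx"))
```

In production the same check would sit in front of a full macro extractor; this triage only answers whether a VBA project is present and whether the filename is honest about it.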

Intel Security researchers said office-based macro threats are at their highest level in the last six years.

As for fileless malware, the researchers said in the report that it, like macro malware, has been around for years, but it was never entirely fileless: it usually left a binary behind somewhere on the hard drive, which antivirus solutions could easily pick up.

Not anymore, said researchers at Intel Security. They found fileless malware variants that work around this problem and are now much harder to detect, operating entirely in a PC’s RAM.

Some of the most recently observed fileless threats include malware families such as Kovter, Powelike, and XswKit.
