Kaspersky discovers fileless malware inside Windows Event logs
By MYBRANDBOOK
Kaspersky recently published a detailed analysis of a complex targeted attack that combined a range of techniques and tools, and singled out one element as something it had not seen before: the use of Windows event logs as a hiding place for malware.
The Windows event log and Event Viewer exist to help users and administrators diagnose security issues and other problems on a PC. In this case, however, Kaspersky's researchers found an attacker turning the event log against its owner. The attacker wrote encrypted shellcode into the target's Windows event logs and later read it back out for execution, so no payload file was ever written to disk for file-based antivirus to scan.
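A defender's counterpart to the technique described above is to hunt the logs for records that carry binary blobs no legitimate provider would write. The script below is an added example, not Kaspersky's code or anything from the original report. It models exported event records as dictionaries with the fields a collector would give you (provider, event ID, record ID and the raw binary data), flags records whose data is both large and near-random (encrypted shellcode has high entropy, while a large block of zeros does not), and reassembles the flagged chunks in record order. The provider name, event ID, 8 KiB chunk size and the sample records are constructed assumptions for the demonstration, not details taken from the article.

```python
"""Hunt for binary payloads stashed across Windows event log records.

Added example, not code from Kaspersky's report. Each record is a dict
with the fields a log collector exports: provider, event_id, record_id
and the raw 'data' blob. The provider/event-id values, the chunk size
and the sample records are assumptions made for this demonstration.
"""
import math
import random
from collections import defaultdict

CHUNK_SIZE = 8 * 1024       # assumed size of one stored chunk per record
MIN_SUSPECT_LEN = 1024      # ordinary EventData blobs are far smaller than this
MIN_ENTROPY = 7.0           # bits per byte; encrypted or compressed data sits near 7.9


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 0.0 for empty data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def is_suspicious(event: dict) -> bool:
    """Large AND near-random binary data is unlike anything a normal provider
    writes; either property alone (a big zero-filled dump, a short random
    GUID) is not enough to flag a record."""
    data = event.get("data", b"")
    return len(data) >= MIN_SUSPECT_LEN and shannon_entropy(data) >= MIN_ENTROPY


def find_stashed_payloads(events):
    """Group suspicious records by (provider, event_id), sort them by
    record_id and concatenate their data, mirroring how a loader that
    split a payload across records would put it back together.
    Returns {(provider, event_id): payload_bytes}."""
    groups = defaultdict(list)
    for ev in events:
        if is_suspicious(ev):
            groups[(ev["provider"], ev["event_id"])].append(ev)
    payloads = {}
    for key, chunk_events in groups.items():
        chunk_events.sort(key=lambda e: e["record_id"])
        payloads[key] = b"".join(e["data"] for e in chunk_events)
    return payloads


def build_sample_events():
    """Constructed sample log: a few ordinary records plus an 'encrypted'
    payload split across three records under a hypothetical provider/ID."""
    rng = random.Random(2022)   # seeded so the sample is reproducible
    payload = bytes(rng.getrandbits(8) for _ in range(2 * CHUNK_SIZE + 3000))
    events = [
        {"provider": "Service Control Manager", "event_id": 7036,
         "record_id": 100, "data": b""},
        {"provider": "Microsoft-Windows-Kernel-General", "event_id": 1,
         "record_id": 101, "data": b"\x00" * 4096},      # large but low entropy
        {"provider": "Microsoft-Windows-Security-SPP", "event_id": 16384,
         "record_id": 102, "data": b"\x01\x00\x00\x00"},  # small binary field
    ]
    chunks = [payload[i:i + CHUNK_SIZE] for i in range(0, len(payload), CHUNK_SIZE)]
    chunk_events = [{"provider": "KMS", "event_id": 1423,   # hypothetical source/ID
                     "record_id": 203 + i, "data": chunk}
                    for i, chunk in enumerate(chunks)]
    for idx in (2, 0, 1):   # appended out of order: record_id, not arrival, decides
        events.append(chunk_events[idx])
    return events, payload


if __name__ == "__main__":
    sample_events, original = build_sample_events()
    for (provider, eid), blob in find_stashed_payloads(sample_events).items():
        print(f"{provider}/{eid}: {len(blob)} bytes, entropy "
              f"{shannon_entropy(blob):.2f}, matches stored payload: {blob == original}")
```

On a real host the same checks would run over records pulled with a collector or `Get-WinEvent`, and the thresholds should be tuned against a baseline of the providers actually present; the entropy test is what keeps legitimate but bulky binary fields (crash dumps, zero-padded structures) from drowning the result.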
For the last stage of the intrusion, the attacker used two variants of a Trojan to maintain access to the compromised system. The variants differ in how they talk to their operator: one communicates over HTTP, the other over named pipes.
The HTTP variant hid among the Windows system files: the attacker created a copy of an existing file with "1.1" appended to its name, and that copy is presumed to be the malicious version.
The named pipes-based variant locates the Microsoft Help Data Services Module library among the Windows OS files and overwrites an existing file with a malicious version capable of executing a series of commands. Once the malicious version runs, it collects the victim machine's architecture and Windows version information.
Denis Legezo, lead security researcher at Kaspersky said, “We witnessed a new targeted malware technique that grabbed our attention. For the attack, the actor kept and then executed an encrypted shellcode from Windows event logs. That’s an approach we’ve never seen before and highlights the importance of staying aware of threats that could otherwise catch you off guard. We believe it’s worth adding the event logs technique to MITRE Matrix’s Defense Evasion and Hide Artifacts section. The usage of several commercial pentesting suites is also not the kind of thing you see every day.”