Malware To Be Found On Less Suspicious File Types
Malware Uses Less Suspicious File Types
According to security experts, PowerShell is a scripting language for automating administration tasks in the Windows system. In the past, this scripting language has been abused to download malware. Some malware programs are even entirely written in PowerShell.
In the recent email-based malware distribution campaign seen by Microsoft, the malicious LNK files included a PowerShell script that automatically performs a malicious action: it downloads and installs the Kovter click-fraud Trojan without the user's knowledge. The Locky ransomware has been distributed in the past using the same technique.
Security researchers from Intel Security warned on Thursday, Feb. 2, that PowerShell can also be used to load malicious code directly into memory in so-called fileless attacks. What sets this type of attack apart is that nothing is saved to disk, so it is very difficult for endpoint security products to detect.
The Intel Security researchers said that even if PowerShell execution policies are set to "Restricted," users are still not protected from fileless malware. Attackers can easily bypass these policies. As a consequence, the malicious scripts are allowed to run.
Measures To Limit Email Malware Proliferation
Email file attachments are common vectors for malware, as reported by Symantec. Exposure to risk can be limited by blocking certain common file types/extensions. However, the cost of limiting exposure to possibly malicious files is that blocking any of these file extensions will also block some valid files. Where blocked file types need to be shared, means other than email can be used to share or transfer them.
Most mail security products, regardless of which product is being used, have facilities to block these types of files by file extension. However, in this scenario a file that has been renamed will not be blocked. Only a few mail security products can also block by the "true file type" even if the file has been renamed.
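The difference between extension blocking and "true file type" blocking can be shown with a short added example (not code from the article or from any mail product). It combines an extension blocklist with a check of the file's leading bytes; the blocklist contents, function names and sample attachments are assumptions constructed for illustration.

```python
import os

# Leading bytes ("magic numbers") of file types often blocked at a mail gateway.
# LNK: 4-byte header size 0x4C followed by the shell-link CLSID (MS-SHLLINK).
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
SIGNATURES = [
    ("lnk", LNK_MAGIC),
    ("exe", b"MZ"),           # DOS/PE executables (.exe, .dll, .scr)
    ("zip", b"PK\x03\x04"),   # ZIP containers (also .docx, .jar)
]
BLOCKED_TYPES = {"lnk", "exe"}
# Assumed policy list. Script types such as .js or .ps1 are plain text with
# no magic number, so only the extension rule can catch them.
BLOCKED_EXTENSIONS = {".lnk", ".exe", ".scr", ".js", ".vbs", ".ps1"}


def true_type(data):
    """Return the type implied by the content, or None if unrecognised."""
    for name, magic in SIGNATURES:
        if data.startswith(magic):
            return name
    return None


def verdict(filename, data):
    """Decide on one attachment; returns (action, reason)."""
    ext = os.path.splitext(filename)[1].lower()
    if ext in BLOCKED_EXTENSIONS:
        return "block", "extension " + ext
    detected = true_type(data)
    if detected in BLOCKED_TYPES:
        return "block", "content is %s despite extension %r" % (detected, ext)
    return "allow", "no blocked extension or content signature"


# Constructed sample attachments (header bytes plus padding, not real files).
SAMPLES = [
    ("invoice.lnk", LNK_MAGIC + b"\x00" * 56),
    ("invoice.txt", LNK_MAGIC + b"\x00" * 56),    # shortcut renamed to .txt
    ("notes.txt", b"meeting at 10\n"),
    ("report.docx", b"PK\x03\x04" + b"\x00" * 26),
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        print(name, *verdict(name, data))
```

An extension-only filter would pass `invoice.txt`; the content check blocks it because its first 20 bytes are the shell-link header.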