Intel Security (formerly McAfee) researchers have compiled their latest "cyber threat report", which analyzes the most aggressive and widespread types of malicious software seen over the last month. According to the report, they found two types of malicious activity: one based on macro virus malware, the other on "fileless", in-memory malware.
Macro malware is an old type of malicious software that can be traced back to the '90s. The term "macro" describes a recorded set of operations that is launched after the user clicks a button.
Macros are widely used in enterprise software, where employees use this automation to complete repetitive tasks. In recent years, office software has given macros deeper access to the computer: beyond the office software itself, they can also interact with some lower-level PC functions.
For this reason, macro malware has resurfaced and is spreading widely through Word documents. These documents are usually sent to the victim via phishing or spam; when one is opened, it asks the user whether to enable macro support.
Once the user has granted authorization, the malware automatically performs actions that affect the user's PC. Intel Security pointed out that the macro threat to Office has reached its highest level in the past six years.
Similarly, "fileless" malware threats are also on the rise. This is malware that resides in memory ("in-memory"), and it has been around for many years.
Of course, it is not 100% fileless: it leaves binary content elsewhere on the hard drive, which makes it very easy for anti-virus software to pick out.
According to Intel Security, recent fileless malware appears to have found a workaround: because it runs entirely in the PC's RAM, detection becomes more difficult.
Fileless malware observed recently includes Kovter, XswKit, Powerlike, and others. It is not as numerous as macro-based malware, but it cannot be ignored.