Intel Security "Cyber Threat Report": macro and fileless malware on the rise

via: 纯真网络     time: 2015/12/15 16:00:23     reads: 1443

Intel Security (formerly McAfee) researchers have compiled their latest "cyber threat report", which analyzes the most aggressive and widespread types of malicious software seen over the last month. According to the report, they found two types of malicious activity: one is macro-based malware, the other is "fileless", in-memory malware.

Macro malware is an old type of malicious software that can be traced back to the 90s. A macro is a recorded set of operations that is launched when the user clicks a button.

Macros are widely used in enterprise software, where employees rely on this automation to complete repetitive tasks. In recent years, office software has given macros deeper access to the computer: beyond the office software itself, they can also interact with some lower-level PC functions.

For this reason, macro malware has resurfaced and is spreading widely through Word documents. These documents are usually sent to the victim by phishing or spam; when one is opened, it asks whether you want to enable macro support.

Once the user has given authorization, the malware automatically performs operations that affect the user's PC. Intel Security pointed out that the macro threat to Office has reached its highest level in the past six years.

Similarly, "fileless" malware threats are also on a rising trend. This is malware that resides in memory ("in-memory"), and it has been around for many years.

Of course, it is not 100% fileless: binary content is left elsewhere on the hard drive, which makes it very easy for anti-virus software to pull out.

According to Intel Security, recent versions of fileless malware appear to have found a workaround: because they operate entirely in the PC's RAM, detection becomes more difficult.

Fileless malware observed recently includes Kovter, XswKit, Powerlike, etc. Its volume is not as high as that of macro-based malware, but it cannot be ignored.
