NEWS ANALYSIS: Kaspersky Lab has discovered a new strain of malware that hides in memory and trusted applications while it stealthily steals sensitive data.
A new breed of malware found by Kaspersky Lab may seem like a nightmare for system administrators and IT managers. This malware uses legitimate – frequently open-source – software to infect a system, then relies on common Windows services for implementation and operation.
Once the malware is running inside Windows, it erases all traces of its existence, resides in the memory of the infected server only long enough to exfiltrate the information it’s been sent to steal, and then erases itself.
Because the new malware examples, which Kaspersky has named MEM:Trojan.win32.cometer and MEM:Trojan.win32.metasploit, reside in memory, they can’t be found by standard antivirus packages that scan a computer’s hard disk. Furthermore, the malware hides inside other applications, making it practically invisible to antivirus packages and to the whitelisting services used by many firewalls.