Wednesday 5 October 16:00 - 16:30, Green room
Himanshu Anand (Symantec)
Chastine Menrige (Symantec)
In the last year, there has been growing interest in a technique known as fileless infection, where malware authors compromise computers without writing any files to disk. This technique allows the threat to evade detection by file-scanning software while still remaining persistent.
This paper will explain the different fileless infection methods, as well as a new tactic which can allow attackers to perform fileless infection using a classic one-click fraud attack and non-PE files.
The first widespread threat we saw using the fileless infection technique was Trojan.Poweliks in 2014. Many other trojans followed suit as they evolved: Trojan.Bedep and Trojan.Kovter adopted the same technique after Poweliks.
Based on our research, the most common infection vectors for this technique include the following:
Our paper will explain and compare the most common ways in which malware authors use fileless infections today. We will discuss areas where we expect these methods to be used soon.
Himanshu Anand has been working with Symantec since 2013 as a security response engineer with the IPS OPS Team. He is a founding member of Linux User Group-Jaipur (#LUG-Jaipur on freenode) and one of the first students of Malware Must Die (MMD). His research areas of interest include exploit writing & analysis, fuzzing, and hardware hacking. In his work with Symantec he provides network-based coverage for server-side as well as client-side attacks. He has spoken at numerous engineering colleges and open security conferences.
Chastine Menrige has over nine years of experience in threat research. Her previous role at Trend Micro involved mainly malware analysis and investigation of APT attacks. Currently, she is working for Symantec helping to provide network protection for both client- and server-side attacks and is doing research into remote code execution vulnerabilities, exploit kits and malware. In 2013, she spoke at a hacking conference in the Philippines, ROOTCon.