Fayl la'aanta Malware^{(Fileless Malware)} waxay noqon kartaa erey cusub inta badan laakiin warshadaha amniga ayaa yaqaanay sanado. Sannadkii hore in ka badan 140 shirkadood oo adduunka oo dhan ah ayaa lagu dhuftay Malware -kan Fileless -^{(Fileless Malware –)} oo ay ku jiraan bangiyada, isgaadhsiinta, iyo ururrada dawladda. Fileless Malware , sida magacu sharaxayo waa nooc ka mid ah malware-ka oo aan taaban saxanka ama isticmaalin wax faylal ah habka. Waxa lagu shubaa habraac sharci ah. Si kastaba ha noqotee, qaar ka mid ah shirkadaha amniga ayaa sheeganaya in weerarka bilaa-fayl-la'aanta ah uu ka tago binary yar oo ku jira martigeliyaha wax u dhimaya si uu u bilaabo weerarka malware. Weerarada noocaan oo kale ah ayaa la arkay kor u kac weyn dhowrkii sano ee la soo dhaafay waxayna ka halis badan yihiin weeraradii soo jireenka ahaa ee malware.

Weerarrada Malware-ka aan fileyn

Weerarrada Malware^{(Fileless Malware)} -ka aan fileyn sidoo kale loo yaqaan weerarrada aan-malware-ka ahayn^{(Non-Malware attacks)} . Waxay adeegsadaan farsamooyin caadi ah si ay u galaan nidaamyadaaga adoon isticmaalin wax fayl malware ah oo la ogaan karo. Dhawrkii sano ee la soo dhaafay, nimankii wax weeraray waxay noqdeen kuwo caqli badan, waxayna sameeyeen habab badan oo kala duwan oo ay ku qaadaan weerarka.

Malwareer la'aantu^(Fileless) waxay wax yeelaa kombuyuutarrada oo aan ka tegin wax fayl ah darawalka adag ee maxalliga ah, isaga oo ka leexanaya amniga dhaqameed iyo aaladaha baarista.

What’s unique about this attack, is the usage of a piece sophisticated malicious software, that managed to reside purely in the memory of a compromised machine, without leaving a trace on the machine’s file system. Fileless malware allows attackers to evade detection from most end-point security solutions which are based on static files analysis (Anti-Viruses). The latest advancement in Fileless malware shows the developers focus shifted from disguising the network operations to avoiding detection during the execution of lateral movement inside the victim’s infrastructure, says Microsoft.

Malware-ka aan fileyn wuxuu ku dhex jiraa Random Access Memory ee nidaamka kombiyuutarkaaga, mana jiro barnaamij ka hortag ah oo si toos ah u baaraya xusuusta - marka waa habka ugu ammaansan ee weeraryahannada ay soo galaan kombuyutarkaaga oo ay xadaan dhammaan xogtaada. Xitaa barnaamijyada antivirus ugu fiican ayaa mararka qaarkood seega malware-ka ku dhex socda xusuusta.

Qaar ka mid ah infekshannada Malware^{(Fileless Malware)} -ka ee dhawaanahan Fayl-la'aanta ah ee ku dhacay nidaamyada kombiyuutarka adduunka oo dhan waa - Kovter , tuug USB^{(USB Thief)} , PowerSniff , Poweliks , PhaseBot , Duqu2 , iwm.

Sidee u shaqeeyaa Fileless Malware

Malware-ka aan fileyn marka uu soo galo xusuusta^(Memory) waxay geyn kartaa asalkaaga iyo nidaamka maamul ee Windows qalabka ku dhex dhisan sida PowerShell , SC.exe , iyo netsh.exe si uu u socodsiiyo koodka xaasidnimada ah oo uu maamulku galo nidaamkaaga, si aad u qaadato bixi amarrada oo xado xogtaada. Malware-ka aan File-ka lahayn^{(Fileless Malware)} mararka qaarkood waxa kale oo laga yaabaa inuu ku qariyo Rootkits ama Diiwaanka^(Registry) nidaamka hawlgalka Windows.

Marka la soo galo, weerarradu waxay adeegsadaan kaydka Thumbnail Windows^{(Windows Thumbnail)} si ay u qariyaan habka malware-ka. Si kastaba ha ahaatee, malware-ku wuxuu weli u baahan yahay binary-ga taagan si uu u galo PC-ga martida loo yahay, iyo iimaylka ayaa ah dhexdhexaadinta ugu badan ee loo isticmaalo isku mid. Marka isticmaaluhu gujiyo lifaaqa xaasidnimada leh, wuxuu ku qorayaa faylka lacag bixinta sir ah gudaha Diiwaanka Windows^{(Windows Registry)} .

Fileless Malware waxa kale oo loo yaqaanaa inay isticmaasho aaladaha ay ka midka yihiin Mimikatz iyo Metaspoilt si ay koodka ugu duraan xusuusta PC-gaaga una akhriyaan xogta halkaas ku kaydsan. Aaladahani waxay ka caawiyaan kuwa weerarka soo qaaday inay si qoto dheer u galaan PC-gaaga oo ay xadaan dhammaan xogtaada.

Falanqaynta dabeecadda iyo malware-ka aan faylka^(Fileless) lahayn

Maadaama inta badan barnaamijyada antivirus-ka caadiga ah ay isticmaalaan saxiixyo si ay u aqoonsadaan faylka malware, malware-ka aan fileyn way adagtahay in la ogaado. Sidaa darteed, shirkadaha ammaanku waxay isticmaalaan falanqaynta dabeecadda si ay u ogaadaan malware. Xalkan cusub ee amniga waxaa loogu talagalay in uu wax ka qabto weerarradii hore iyo hab-dhaqanka isticmaalayaasha iyo kombuyuutarrada. Dhaqan kasta oo aan caadi ahayn oo tilmaamaya nuxurka xaasidnimada leh ayaa markaa lagu ogeysiiyaa digniino.

Marka aanay jirin xal dhammaadka-dhammaadka ah oo lagu ogaan karo malware-ka-fayl-la'aanta ah, falanqaynta habdhaqanku waxay ogaataa dhaqan kasta oo aan fiicneyn sida dhaqdhaqaaqa galitaanka ee shakiga leh, saacadaha shaqada ee aan caadiga ahayn ama isticmaalka kheyraad kasta oo aan caadi ahayn. Xalkan ammaanku waxa uu qabtaa xogta dhacdada inta lagu jiro kalfadhiyada halkaas oo isticmaalayaashu isticmaalaan codsi kasta, ka baadhayaan mareegaha, ciyaara ciyaaraha, isdhexgalka warbaahinta bulshada, iwm.

Fileless malware will only become smarter and more common. Regular signature-based techniques and tools will have a harder time to discover this complex, stealth-oriented type of malware says Microsoft.

Sida looga hortago oo lagu ogaado Malware- ka aan File-ka lahayn^{(Fileless Malware)}

Raac taxaddarrada aasaasiga ah si aad u ilaaliso kumbuyuutarkaaga Windows^{(precautions to secure your Windows computer)} :

• Codso^(Apply) dhammaan Cusbooneysiinta Windows-ka -^{(Windows Updates –)} gaar ahaan cusboonaysiinta amniga ee nidaamkaaga hawlgalka.
• Hubi^(Make) in dhammaan software-kaaga lagu rakibay la dhejiyay oo la cusboonaysiiyay noocyadoodii ugu dambeeyay
• Isticmaal alaab ammaan oo wanaagsan oo si hufan u sawiri karta xusuusta kombiyuutarkaaga sidoo kalena xannibi karta boggaga internetka ee xaasidnimada leh ee laga yaabo inay martigeliyaan Faa'iidooyinka^(Exploits) . Waa inay bixiso la socodka dhaqanka^(Behavior) , iskaanka xusuusta^(Memory) , iyo ilaalinta Qaybta Boot .^{(Boot Sector)}
• Ka digtoonow intaadan soo dejin wax lifaaqa iimaylka ah^{(downloading any email attachments)} . Tani waa si looga fogaado soo dejinta lacag-bixinta.
• Isticmaal Firewall^(Firewall) xooggan kaas oo kuu ogolaanaya inaad si wax ku ool ah u maamusho taraafikada Shabakadda .^(Network)

Hoos ka akhriso^{(Read next)} : Maxay yihiin Weerarada Dhulka^{(Living Off The Land attacks)} ?

Fileless Malware Attacks, Protection and Detection

Fileless Malware may be a new term for most but the security industry has known it for years. Last year over 140 enterprises worldwide were hit with this Fileless Malware – including banks, telecoms, and government organizations. Fileless Malware, as the name explains is a kind of malware that doesn’t touch the disk or use any files in the process. It gets loaded in the context of a legitimate process. However, some security firms claim that the fileless attack leaves a small binary in the compromising host to initiate the malware attack. Such attacks have seen a significant rise in last few years and they are riskier than the traditional malware attacks.

Fileless Malware attacks

Fileless Malware attacks also known as Non-Malware attacks. They use a typical set of techniques to get into your systems without using any detectable malware file. In the past few years, the attackers have become smarter and have developed many different ways to launch the attack.

Fileless malware infects the computers leaving behind no file on the local hard drive, sidestepping the traditional security and forensics tools.

What’s unique about this attack, is the usage of a piece sophisticated malicious software, that managed to reside purely in the memory of a compromised machine, without leaving a trace on the machine’s file system. Fileless malware allows attackers to evade detection from most end-point security solutions which are based on static files analysis (Anti-Viruses). The latest advancement in Fileless malware shows the developers focus shifted from disguising the network operations to avoiding detection during the execution of lateral movement inside the victim’s infrastructure, says Microsoft.

The fileless malware resides in the Random Access Memory of your computer system, and no antivirus program inspects the memory directly – so it is the safest mode for the attackers to intrude in your PC and steal all your data. Even the best antivirus programs sometimes miss the malware running in the memory.

Some of the recent Fileless Malware infections that have infected computer systems worldwide are – Kovter, USB Thief, PowerSniff, Poweliks, PhaseBot, Duqu2, etc.

How does Fileless Malware work

The fileless malware when it lands into the Memory can deploy your native and system administrative Windows built-in tools like PowerShell, SC.exe, and netsh.exe to run the malicious code and get the admin access to your system, so as to carry out the commands and steal your data. Fileless Malware sometime may also hide in Rootkits or the Registry of the Windows operating system.

Once in, the attackers use the Windows Thumbnail cache to hide the malware mechanism. However, the malware still needs a static binary to enter the host PC, and email is the most common medium used for the same. When the user clicks on the malicious attachment, it writes an encrypted payload file in the Windows Registry.

Fileless Malware is also known to use tools like Mimikatz and Metaspoilt to inject the code into your PC’s memory and read the data stored there. These tools help the attackers to intrude deeper into your PC and steal all your data.

Behavioral analytics and Fileless malware

Since most of the regular antivirus programs use signatures to identify a malware file, the fileless malware is hard to detect. Thus, security firms use behavioral analytics to detect malware. This new security solution is designed to tackle the previous attacks and behavior of the users and computers. Any abnormal behavior which points to malicious content is then notified with alerts.

When no endpoint solution can detect the fileless malware, behavioral analytics detects any anomalous behavior such as suspicious login activity, unusual working hours or use of any atypical resource. This security solution captures the event data during the sessions where users use any application, browse a website, play games, interacts on social media, etc.

Fileless malware will only become smarter and more common. Regular signature-based techniques and tools will have a harder time to discover this complex, stealth-oriented type of malware says Microsoft.

How to protect against & detect Fileless Malware

Follow the basic precautions to secure your Windows computer:

• Apply all the latest Windows Updates – especially the security updates to your operating system.
• Make sure that all your installed software is patched and updated to their latest versions
• Use a good security product that can efficiently scan your computer’s memory and also block malicious web pages that may be hosting Exploits. It should offer Behavior monitoring, Memory scanning, and Boot Sector protection.
• Be careful before downloading any email attachments. This is to avoid downloading the payload.
• Use a strong Firewall that lets you effectively control Network traffic.

Read next: What are Living Off The Land attacks?

Related posts

• Weerarada Nuglaanta Afduubka DLL, Kahortagga & Ogaanshaha

• Sidee Looga Fogaadaa Khayaanada Khiyaamada iyo Weerarada?

• Waa maxay Gelitaanka Fog ee Trojan? Kahortagga, Ogaanshaha & Ka saarida

• Weerarada Cyber ​​- Qeexid, Noocyada, Ka Hortagga

• Crystal Security waa aaladda ogaanshaha Malware ee ku saleysan Cloud ee bilaashka ah ee PC

• Soo-gudbinta Malware: Halkee loo gudbiyaa faylasha malware-ka Microsoft iyo kuwa kale?

• Waa maxay CandyOpen? Sidee looga saaraa CandyOpen Windows 10?

• Spyware-ka ugu Fiican iyo Software ka saarida Malware

• Sida loo hubiyo Registry for malware gudaha Windows 11/10

• Talooyin si aad uga ilaaliso kombiyuutarkaaga weerarka Thunderspy

• Sida loo isticmaalo Malwarebytes Anti-Malware si meesha looga saaro Malware

• Weerarada Ransomware, Qeexid, Tusaalayaal, Ilaalinta, Bixinta

• IObit Malware Fighter Dib u eegis iyo soo dejin bilaash ah

• Fayraska ugu Wanaagsan & Sawir-qaadayaasha Malware-ka ayaa BOQOR U DAMAANADNAYA IN UU NOQOTO Virus Kasta

• Sida looga hortago Malware - Talooyin si loo sugo Windows 11/10

• Waa maxay Win32:BogEnt iyo sida loo saaro?

• Sida loo uninstall ama ka saaro Driver Tonic ka Windows 10

• Ka saar fayraska USB Flash Drive adoo isticmaalaya Command Prompt ama Faylka Dufcada

• Waa maxay Rootkit? Sidee buu u shaqeeyaa Rootkits? Rootkits ayaa sharaxay.

• Sida looga saaro fayraska Windows 11/10; Hagaha ka saarida Malware