The Microsoft Security Blog recently disclosed a new malware campaign under way in Europe and the United States whose attack technique can bypass even Microsoft's security defenses. The malware is called Nodersok. Fileless attack techniques are relatively advanced and therefore pose a challenge to security defenses, and this campaign has proved how threatening the method is: the fileless attacks in Europe and the United States initially got past Microsoft's defenses, and only recently did Microsoft manage to catch and remove the malware.
Under normal circumstances, malware has a main package that must be loaded and run on the user's computer; because it is present as a file that gets loaded, security software can detect and analyze it. Fileless technique means that the malware body runs only in memory, so the attacker never writes a malicious executable file to disk. Detecting such attacks is therefore quite difficult for anti-virus software, and fileless attacks appear to be growing steadily more common.
Microsoft believes the attack on the user begins with files in HTA format; HTA is an HTML-based web application format that can carry scripts. The attacker apparently lured users into loading files in this format through online advertisements. Once downloaded, the file can be executed through the IE browser. After execution, the malicious scripts connect to an attacker-controlled server to fetch various tools and commands, and then run quietly while evading detection by security software. Microsoft also stresses that users are better off not running HTA-format files at all: HTA-like technologies are now rarely used, so their use almost certainly indicates malware.
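A defender can turn the delivery chain described above (an HTA file launched from the browser, then reaching out to a remote server) into a simple detection over process-creation telemetry. The following is an added example, not code from Microsoft or from the article; it parses constructed key=value events (the format and the sample values are assumptions, not real telemetry) and flags launches of mshta.exe, the Windows host for HTA files, with extra weight when the parent is the browser or the command line points at a remote URL.

```python
import re

# Constructed sample process-creation events in a simple key=value form.
# These are not real telemetry; pids, paths and the 203.0.113.5 address are made up.
SAMPLE_EVENTS = r'''
pid=4021 image=C:\Windows\System32\mshta.exe parent=iexplore.exe cmdline="mshta.exe C:\Users\u\Downloads\offer.hta"
pid=4033 image=C:\Windows\System32\mshta.exe parent=explorer.exe cmdline="mshta.exe C:\Users\u\Downloads\invoice.hta"
pid=4040 image=C:\Apps\app.exe parent=explorer.exe cmdline="app.exe --update"
pid=4052 image=C:\Windows\System32\mshta.exe parent=iexplore.exe cmdline="mshta.exe http://203.0.113.5/ad.hta"
pid=4060 image=C:\Windows\System32\notepad.exe parent=iexplore.exe cmdline="notepad.exe readme.txt"
'''

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="quoted value" or key=bare
URL_RE = re.compile(r"https?://", re.IGNORECASE)
HTA_HOST = "mshta.exe"
BROWSER_PARENTS = {"iexplore.exe"}  # assumption: extend with the browsers in your fleet


def parse_events(text):
    """Turn key=value lines into dicts; quoted values may contain spaces."""
    events = []
    for line in text.strip().splitlines():
        ev = {}
        for m in FIELD.finditer(line):
            ev[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
        if ev:
            events.append(ev)
    return events


def leaf(path):
    """Last path component, lower-cased, for either Windows or POSIX separators."""
    return re.split(r"[\\/]", path)[-1].lower()


def classify(ev):
    """Return the reasons an event looks like HTA-based delivery (empty if benign)."""
    cmd = ev.get("cmdline", "")
    if leaf(ev.get("image", "")) != HTA_HOST and ".hta" not in cmd.lower():
        return []  # the remaining checks only matter for HTA execution
    reasons = ["hta_host"]
    if leaf(ev.get("parent", "")) in BROWSER_PARENTS:
        reasons.append("browser_parent")  # launched straight from the browser
    if URL_RE.search(cmd):
        reasons.append("remote_source")  # HTA fetched from a remote server
    return reasons


def find_suspicious(text):
    """(pid, reasons) for every event that triggers at least one reason."""
    hits = []
    for ev in parse_events(text):
        reasons = classify(ev)
        if reasons:
            hits.append((int(ev["pid"]), reasons))
    return hits
```

In the sample, the two browser-spawned launches and the local double-click both surface, while the unrelated application and the notepad launch from the browser stay quiet.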
Microsoft's Windows Defender technology had already detected such attacks, but at the time Microsoft could not be sure they were malicious activity. Only recently, after observing the same type of attack surge by hundreds of times, did Microsoft determine that it was malicious, and Windows Defender then intercepted it. Microsoft security researchers say the methods used by the attackers are elusive, particularly because the distributed network architecture they use is very complex.