A lovely little electronic beastie was spotted by Kaspersky Labs on Russian ad servers recently which uses a Java exploit (long since patched) to corrupt javaw.exe while it is running on system memory, infecting machines without any installation required whatsoever. While this sounds quite bad, the fact is that in your memory it can infect running programs but not move out of the memory without triggering an installation process and will not survive a system reboot. That is why as soon as this malware finds its self on a systems RAM it immediately tries to install the Lurk Trojan, which is when your problems would start and when your anti-virus/anti-malware protection should notice something amiss.
By its self the new virus poses little direct risk but it represents a new attack vector for drive by infections, which could get into protected space and be able to launch an attack from within the systems memory, a much faster and more intimate way of attacking than coming over the network. With home systems sporting more that 4GB of RAM, there is a lot more space for this type of virus to work with than there was just a few years ago. Read on at The Register, if you dare.
"The researchers aren’t quite sure how unusual it is, describing it as both “unique” and “very rare”, but no matter how scarce this type of malware is it does sound rather nasty as it “… uses its payload to inject an encrypted dll from the web directly into the memory of the javaw.exe process.” That mode of operation means Windows and MacOS are both affected by the exploit, which is hard for many antivirus programs to spot given it runs within a trusted process."
Here is some more Tech News from around the web:
- Fujitsu’s supercomputing MONSTER thrashes Top 500 rivals @ The Register
- IBM shows off 14nm wafer @ SemiAccurate
- Linux 3.3 Released @ Slashdot
- Intel Sandy Bridge Shapes Up On GCC 4.7 Compiler @ Phoronix
- Lexmark OfficeEdge Pro5500 @ Overclockers Online
- Ninjalane Podcast – New Servers Games Games Games Travel Gadget
What’s new about this? As I
What’s new about this? As I understand it, all malware has to spend some time in RAM before it writes to the hard drive. Is it that this is now broken into a two stage process so that different pieces of resident malware can be installed using the same exploit?
It is the two stage process,
It is the two stage process, where it infects a service running in RAM to attack the local machine which is new. The idea that it can fully live on your RAM is new, as opposed to a piece of malware which has already installed itself on the machine and then utilizes RAM like any other program.