Fileless Malware Spreads Overseas Without a Single Click

Recent Fileless Malware Attack Runs Rampant

A recent fileless malware campaign came to light over the weekend, infecting computers in various locations. According to Engadget, the campaign targeted businesses in Europe, the Middle East, and Africa. The malware was distributed via a malicious email with a hyperlink to an “invoice” or “order number”. The link displayed as if it were a PowerPoint document. However, the user did not have to click the link to start the scripting attack; simply hovering over the link triggered it.

Protection and Prevention

Engadget states,

“If you’re running a newer version of Microsoft Office, though, you’ll still need to approve the malware’s download before it infects your PC. That’s because the more modern versions of the suite have Protected View, which will show a prompt warning you about a “potential security concern” when the script starts running. Just click Disable, and you’ll be fine. However, older versions of the suite don’t have that extra layer of security.”

Unfortunately, few security solutions block fileless attacks. However, PC Matic recently shared that a new layer of protection has been added to its security software: fileless ransomware detection.

Fileless attacks differ from traditional malware attacks because they execute through a scripting agent. These scripting agents include PowerShell, Cscript, Wscript, etc. Typically, fileless attacks are more successful than malware distributed by files because security solutions scan for malicious files, not malicious scripts. Therefore, for most PC users, the malicious script will be allowed to execute.
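Because a fileless attack leaves no dropped file to scan, one defensive signal is the process chain itself. The sketch below is an added example, not code from Engadget or PC Matic: it flags process-creation events in which an Office application starts one of the script hosts named above. The event field names, the list of Office parent processes, and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Script hosts named in the article; the Office parent list is an assumption.
SCRIPT_HOSTS = {"powershell.exe", "cscript.exe", "wscript.exe"}
OFFICE_PARENTS = {"powerpnt.exe", "winword.exe", "excel.exe", "outlook.exe"}


def exe_name(path):
    """Lower-cased executable name from a (possibly quoted) Windows path."""
    return ntpath.basename(path.strip('"')).lower()


def flag_office_script_spawns(events):
    """Return the events where an Office application launched a script host."""
    hits = []
    for ev in events:
        child = exe_name(ev["image"])
        parent = exe_name(ev["parent_image"])
        if child in SCRIPT_HOSTS and parent in OFFICE_PARENTS:
            hits.append({"host": ev["host"], "parent": parent, "child": child,
                         "command_line": ev["command_line"]})
    return hits


# Constructed sample events (hypothetical field names, modelled on
# process-creation telemetry; command-line arguments deliberately omitted).
SAMPLE_EVENTS = [
    {"host": "WS-01",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe <arguments omitted>"},
    {"host": "WS-02",  # an administrator opening a shell: not flagged
     "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe"},
    {"host": "WS-03",  # quoted path and mixed case must still match
     "parent_image": r'"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"',
     "image": r"C:\Windows\System32\WScript.exe",
     "command_line": "WScript.exe <arguments omitted>"},
    {"host": "WS-04",  # Office starting a print helper: not flagged
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE",
     "image": r"C:\Windows\splwow64.exe",
     "command_line": "splwow64.exe"},
]

if __name__ == "__main__":
    for hit in flag_office_script_spawns(SAMPLE_EVENTS):
        print(f'{hit["host"]}: {hit["parent"]} -> {hit["child"]}')
```

The rule keys on who launched the script host rather than on any file, so it still fires when nothing is written to disk.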


3 thoughts on “Fileless Malware Spreads Overseas Without a Single Click”

    1. Kayla Thrailkill

      Webroot may implement some pieces of a default deny approach, but they do not use application whitelisting as their primary method of malware detection. PC Matic uses a globally automated whitelist as its primary method of malware detection and prevention. Our whitelist originated in 2009, and has been growing ever since. When an unknown file attempts to execute, it is sent to our malware research team for testing, instead of leaving that burden on the user or IT department. Also, PC Matic now includes fileless malware detection – which identifies malicious scripting attacks. Webroot, or any other AV program for that matter, does not have this functionality. If you have any other questions, feel free to reach out!

  1. Love your Tech Talk!!

    Speaking of FB Messenger … I try not to message people in FB because there does not appear to be a way to shut the auto connection to everyone else on the site; as in they attach everyone to your contact list.
