Page 44 - Cyber Warnings
New Attack with Seldom Used Vector


PowerSniff

by Charles Parker, II; Information Security Architect


Malware is being coded and released into the wild at an alarming rate. People from across the
globe code it for personal profit, under contract, or to prove a point (e.g. hacktivism).
Usually these samples have been observed to operate in a narrow way.

Delivery to the target is through email. The user reads an email with an attachment, opens it,
and the malware is saved to the hard drive. This mode has been repeated across the globe.

Recently there has been a new variant on an older method. This new variant saves the malware
into memory (RAM). This differs from the current trend, but recycles an older method. A prior
example of this attack was the Ursnif malware.

Fileless Malware
As noted, the malware is generally saved to the hard drive. As a result, the malware is
long-lasting: when the computer is shut down, the malware is still present when the system is
turned back on.

With this new variant, the malware resides in RAM. It is not stored on the hard drive of the
targeted, infected system. This had previously been seen more with drive-by malware attacks.
While this is unusual, it has proven itself to be effective.

Usage
Historically, attackers have not used this approach most of the time. It was a less attractive
option because the attack would fail once the user rebooted their system, clearing out the RAM
and effectively removing the malware.

This does have a benefit in that AV is generally engineered to scan the hard drives and not the
RAM.

Process
On a basic level, this is structured as a social engineering attack. This was not part of a spam
campaign. Structurally, the person receives an email. This is personalized with the person’s
name, address, and other select information.

The body of the email gives a pressing rationale for opening the attachment immediately (e.g.
the user has to open the attachment urgently!). The email has in the body an


44 Cyber Warnings E-Magazine – April 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
