A new kind of 'invisible' malware has been identified by Kaspersky as being widespread in banks, telecom companies and government organisations.

Malware usually appears in files on computers, and that is how it is identified. This new kind of malware exists instead in the computer's memory, which makes it much harder to spot. It also marks an increase in the use in the wild of memory-based cyber-attacks, which have been rare up to now.

At this point, it appears the attack is found only in organisations using Windows computers. The same attack, however, can be configured for other operating systems. The attack appears to be a modification of the Stuxnet worm the US government used against the Iranian nuclear processing machinery. It is similar to the Duqu2 attack on Kaspersky that seemed to be state-sponsored.

Kaspersky has identified the details of the attack process and offers a (technical) way of detecting this particular attack, parts of which are indirectly revealed by Kaspersky's normal scan tools.


Notified in ITNews 14/2/17