Fileless malware, is this the wave of the future? from blog The Technology blog and podcast


Fileless malware, is this the wave of the future?

There is an old/new game in town. According to the article “New Fileless Botnet Novter Distributed by KovCoreG Malvertising Campaign”, which I read today, this is making me a little bit concerned. I just wonder what type of thing this would do to our computers? Some of us who read or write on this blog use assistive technology, and from this article, it doesn’t drop anything, but yet it can do havoc.

This brings me back to the question of programs like Microsoft Security Essentials. MSE, or Windows Defender, can’t protect us from this type of threat. Programs like Trend Micro can, because it looks for suspicious behavior. I’m wondering how Windows Defender, or MSE for those on older operating systems, can protect us from this?

This botnet was dismantled in 2018 according to the article, but yet it’s back, more pervasive than ever. I’m curious on how we can protect ourselves, because fileless stuff would probably not get caught by these products which are it for us with access technologies.

Headings in this article include:

  • KovCoreG’s attack chain
  • Analysis of the Novter malware
  • Analysis of Novter’s module “Nodster”
  • Correlating Nodster’s traffic
  • Defending against Novter

Under Defending against Novter it says:

Advertisements are an innocuous online staple, but KovCoreG’s campaign demonstrates how they can be intrusive, not to mention how Novter can expose the user’s system to other and actual threats. Given how KovCoreG engages in click fraud, it can significantly affect businesses. A single mobile ad fraud incident in 2018, for instance, cost Google and its partners around US$10 million in losses.

Novter also exemplifies fraudsters’ maturing techniques with its use of fileless infection methods and obfuscating its C&C connections and fraud-related traffic. Users, for their part, should adopt best practices, especially against socially engineered threats like malvertisements.

There are lots of terms and links within this entire article to different things, but this honestly concerns me. I’m beyond words on how we as disabled people can protect ourselves from this if the program, which is accessible, can’t probably do the job?

This leads me back to my article Antivirus and the disabled computer user from blog The Technology blog and podcast (June 4, 2017) because in it, I’m wondering what people are using and accessible that could now protect us from this type of thing.

The article I base this post on talks about watering hole web sites. I’m not even sure what these things are or if I’ve ever encountered one.

Has anyone encountered this, and if so, what did you do?


About the article

Fileless malware, is this the wave of the future? was released on October 1, 2019 at 9:31 pm by tech in article commentary.
Last modified: October 1, 2019.


Comments (2)

  1. Comment by crashmaster, 2 October 2019 at 22:57

    Well who knows.
    Maybe it won’t, sadly I am not interested in if whatever software is secure, I am more interested in if I can exclude stuff so things don’t fuck up or get fucked up by said software.
    Right now, I am at serious risk of infection because of the following.
    1. exclusions to folders for games in program files, virtual recorder and a few other things because of bgt and how it’s constructed.
    This exclusion moves to my data drive because of false positives.
    This moves to my e f and g drives because of being backup disks and containing installers flagged falsely.
    So, if anyone wanted to put a virus laden drive to my USB port they probably could.
    Luckily I am not in university or use other’s drives bar sharing with a friend who himself has a virus checker and is ok, but still.
    Vipre is supposed to be getting more accessible, but I don’t trust anyone bar Microsoft not because they are the best, I’d even use them if they were utter shit!
    The Microsoft interfaces have not changed in years.
    I do like extra configurations that I don’t have with the MS stuff.
    Any virus checker that automatically does stuff is more dangerous than a virus.
    My computer is full of trojans and viruses.
    A lot of those are games, recording programs, programs I have had for ages and stuff which is clearly not a virus.
    So, now I do want a nicely secure system, but there are so many false positives on that system, I have to unsecure basically half of the system so I can work with it.
    I do clear my junk files every session on the computer, twice daily.
    And I don’t leave downloads in downloads once I have finished.
    I have never got a virus for ages but I know my risk is up.
    I don’t really like it being so open to infection but it’s that or lose a lot of programs mislabeled as viruses.
    I have had friends lose entire OSes because of this.
    I had an overzealous security program trash bits of Windows forcing a reformat on all the systems.
    I want something that works, and that will fuck off and leave me alone no matter what unless it’s a real virus.
    The trouble so many misrepresentations on our systems being blind there is potential.
    Not to mention that with the way Mozilla thinks access could cause issues followed by the fact someone started using Narrator as a hacking vehicle, I fully expect Narrator, JAWS, NVDA, and most of windows registry to become a virus some day.
    At which point the first thing I will be doing is making sure I don’t have any security at all because I am too scared to have my system destroyed at which point it’s failed before it’s even fucking started.
    It’s half like that now.
    I have a virus, and I have a lot of issues, they just happen to be programs on my system.

  2. Comment by tech, 3 October 2019 at 09:08

    The only reason why I bring this up is because of the way these things work. If it can drop stuff and harm our system without leaving a trace, how could MSE, the only program we can use, protect us? This is why I bring it up. I’m sorry to hear that you’ve pretty much gotten owned by false positives. I had a clear file on my machine that MSE or Windows Defender didn’t even pick off. It was an emailed thing telling me to open it for an invoice or some such. I wanted to see what it could do, and I left it for a long time without it getting picked off. If this doesn’t pick that off because of what it can do, how can we trust it for fileless stuff like what the original article talked about? That’s why I want to bring it up.
