Comodo Firewall vs Fileless Malware
[QUOTE="AtlBo, post: 642751, member: 32547"]
Just to show how strange communication is on this "fileless" type of malware, here are some stats:

FILES created (and 100% detectable) for it to be running on the system: 8
jl.txt
59301fecd6aca16.41438751.txt
59301fecd6ab61.06573335.txt
59301fecd6ab73.89307919.txt
59301fecd6ac99.92981850.txt
C_powershell.exe_950222ACB58D17766C7B4FDD001734894843F47F.ps
C_powershell.exe_3OC6BDF282E13C2E54BAC21793EOAD6D45D45DEB88.ps
59301fecd6abb4.43763376.txt

Total HIPs alerts based on the presence of these files: 29

I guess it's called fileless because it works via network vulnerabilities once it is on a network someplace. However, I feel like "fileless" would even in that case be a misnomer, considering how many files were required for the malware to be fully operational. Wannacry was a bad deal that apparently could spread via the network without files :confused:, but I suspect CFW would have blocked it from being injected onto a vulnerable machine via the network.

Attached is the entire HIPs sequence in the video if anyone would like to see it.
[/QUOTE]