Sign in / up

back to article Memory-resident modular malware menaces moneymen

A stealthy strain of malware resident only in memory has been quietly pwning victims around the world for two years. The backdoor, dubbed Latentbot, that has been well hidden on the web since at least mid-2013 if not earlier. The payload never touches the victims' hard disks and stays only in memory, according to security …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. tiggity Silver badge

    So, which versions are affected exactly?

    "Latentbot won’t run in Windows Vista or Server 2008"

    So presumably will also not run in Windows XP, 98, 95, 3.1 etc......

    I'm guessing Server 2008 R2 might be affected as that is more Win 7 architecture than Vista architecture of "initial" Server 2008?

    If the malware only runs on Win 7 & above consumer OS (& appropriate server version (see question above) for business boxen) wouldn't it just have easier to say that rather than pick 2 arbitrary unaffected OSes?

    5 1 Reply
    1. NotBob
      Reply Icon
      Trollface

      Re: So, which versions are affected exactly?

      You forgot Windows ME. If we all ran ME, we'd all be safe (especially from productivity, of course).

      3 0 Reply
  2. Cuddles

    "never touches the victims' hard disks... can even corrupt a hard disk"

    Corrupting hard disks without ever touching them? Not a bad trick.

    8 0 Reply
    1. waldo kitty
      Reply Icon
      Boffin

      ""never touches the victims' hard disks... can even corrupt a hard disk"

      Corrupting hard disks without ever touching them? Not a bad trick."

      easy enough to do by infiltrating the disk cache system and changing the data in the cache...

      2 0 Reply
      1. Michael Wojcik Silver badge
        Reply Icon

        easy enough to do by infiltrating the disk cache system and changing the data in the cache...

        Indeed. There's many a slip twixt OS userspace APIs and physical storage. On the other hand, it's hard to say what "never touches the disk" is actually supposed to mean.

        0 0 Reply
    2. Ernie Mercer
      Reply Icon

      My thought as well.

      0 0 Reply
  3. Roo
    Windows

    I find it hard to believe that any AV software is really worth the disk thrashing and occasional bad update that bricks your machine in return for failing to detect a virus that has been pwning your machines for two years. The herd immunity thing clearly isn't happening.

    2 1 Reply
  4. Paul Crawford Silver badge

    Memory resident?

    So how does it survive reboots? Can it spread machine-to-machine, or would making your office work PCs shut down every night be a useful mitigation technique (as well as saving money on electric)?

    4 0 Reply
    1. LucreLout
      Reply Icon
      Pint

      Re: Memory resident?

      @Paul Crawford

      So how does it survive reboots?

      Where I work we have xxx,xxx PCs on the network, plus xx,xxx servers. The chances of all of that being powered down at the same time are nil - barring end of days scenarios.

      Anything purely memory resident wouldn't take long to spread back through the datacentre or desktop environment in sync with the rolling reboot or patching.

      would making your office work PCs shut down every night be a useful mitigation technique

      Its always daytime somewhere in the world, so any large company is likely to be vulnerable to memory resident malware which just "follows the sun" as management types like to think of it.

      Beer, because there's always a pub open somewhere in the world.

      5 0 Reply
  5. Brewster's Angle Grinder Silver badge
    Trollface

    “The use of custom encryption algorithms and well-known protocols...makes it more difficult to detect at the network level...”

    Quick, ban encryption! It's the only way we can protect ourselves from these viruses!!!11!!!1!!!!11!

    5 0 Reply
    1. Michael Wojcik Silver badge
      Reply Icon

      Quick, ban encryption!

      No half-measures. Ban encoding!

      0 0 Reply
  6. Mr Templedene

    Surely any anti-virus software worth its salt would detect the infected word document, thus rendering the infection vector useless? Assuming it scans incoming attachments and is, of course, turned on.

    0 1 Reply
    1. RFC2196
      Reply Icon

      *slaps head, before banging it some more on the desk*

      0 0 Reply
      1. Mr Templedene
        Reply Icon

        Read the article, this malware arrives after infection by a delivery virus in and infected word document, stop that, and problem solved.

        0 0 Reply
  7. Barbarian At the Gates

    Malware Anti-virus

    Anti-virus packages are for shutting the barn door after the cows have already started to get out. Never will completely prevent the cows from getting out in the first place. Anti-virus is more Clean-up The Mess Once You've Discovered It, And Someone Else Has Already Figured Out What To Do About It.

    I view "anti-virus" software as virus injection software...you've decided to infect your PC with a relatively benign strain of performance sucking rootkit, in hopes that it is so successful as a infectious agent that it can starve out other, nastier virii.

    7 0 Reply
    1. Roo
      Reply Icon
      Windows

      Re: Malware Anti-virus

      "I view "anti-virus" software as virus injection software...you've decided to infect your PC with a relatively benign strain of performance sucking rootkit, in hopes that it is so successful as a infectious agent that it can starve out other, nastier virii."

      Pretty good description. :)

      0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like