Fileless malware: part deux | Advanced Mobile Spy Software
In part one of this series, we focused on an introduction to the concepts of fileless malware, providing examples of the problems that we in the security industry face when dealing with these types of attacks. In part two, I will be walking through a few demonstrations of fileless malware attacks that I have created. These labs demonstrate the problems we face when trying to detect fileless malware.

I will start off with a demonstration of malware that is detected strictly with static signatures. The file I will be using is a custom binary, which I created from scratch and which does not actually perform any malicious activities. It is completely benign. The reason for using a benign file for the demo is that I do not want any of the other, more advanced components of the AV to kick in and try to detect this file. I want to show what happens when we rely purely on static signatures. We have simply created a static signature for this specific binary so that when executed or scanned on any