How can you destroy malware that doesn’t exist on a file?
Without a file to eradicate, most antivirus measures are useless against this threat. That’s because the malware is installed directly into the registry, using an encoded autostart registry key that is hidden from view.
In plain English: the malware lives in the registry, so antivirus programs can’t scan for it as a file, and it stays active even across system reboots.
How the malware gets there
Like all malware, this attack needs a point of entry. And as so often is the case, this one relies on tricking users.
A crafted Microsoft Word file is emailed to a user. In this case, the email claimed to be from a postal service, containing information about a package that was undeliverable.
And once that malware is in the registry, it gives attackers an opening to install banking Trojans or steal files and documents.
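To make the “hidden, encoded autostart key” concrete from the defender’s side, here is an added example (not code from the original post) that scans a text export of the Run key and flags entries that are hidden by an unprintable value name or that carry an encoded blob. The sample export, the indicator list and the thresholds are all assumptions constructed for illustration, not a complete detection rule.

```python
import base64
import re

# Heuristic scanner for autostart (Run-key) entries in a text registry export.
# Assumptions: the export was produced with "reg export"; the script-host list
# and the 32-character blob threshold are illustrative choices, not a standard.
SCRIPT_HOSTS = ("powershell", "mshta", "wscript", "cscript", "rundll32", "regsvr32")
ENCODED_RUN = re.compile(r"[A-Za-z0-9+/]{32,}={0,2}")
VALUE_LINE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')

# Constructed sample export: one ordinary entry and one made-up hidden entry
# whose value name is an unprintable character and whose data is an encoded blob.
_BLOB = base64.b64encode(b"constructed placeholder text, not a payload").decode()
SAMPLE_EXPORT = (
    "Windows Registry Editor Version 5.00\n\n"
    "[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]\n"
    '"OneDrive"="\\"C:\\\\Users\\\\alice\\\\AppData\\\\Local\\\\OneDrive.exe\\" /background"\n'
    '"\x01"="powershell.exe -EncodedCommand ' + _BLOB + '"\n'
)


def _unescape(s):
    """Undo the .reg escaping of double quotes and backslashes."""
    return s.replace('\\"', '"').replace("\\\\", "\\")


def scan_autostart(export_text):
    """Return a list of (value_name, [reasons]) for suspicious Run-key values."""
    findings = []
    for line in export_text.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # header, key path or blank line
        name = _unescape(m.group(1) or "(Default)")
        data = _unescape(m.group(2).strip().strip('"'))
        reasons = []
        if any(ord(c) < 32 or ord(c) == 127 for c in name):
            reasons.append("nonprintable_name")  # name hides the entry from casual review
        if ENCODED_RUN.search(data):
            reasons.append("encoded_blob")       # long base64-like run in the command
        if any(h in data.lower() for h in SCRIPT_HOSTS):
            reasons.append("script_host")        # an interpreter, not a normal application
        if reasons:
            findings.append((name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in scan_autostart(SAMPLE_EXPORT):
        print(repr(name), reasons)
```

Run it against a real export of HKCU and HKLM Run keys; every flagged entry deserves a manual look, and a clean result only means these particular heuristics found nothing.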
As with most attacks, the human layer is either your best defense or your biggest weakness against this malware.
Teaching users to recognize phishing attacks and encouraging good security awareness is key.
One way to go about this is to test them regularly.
Set up fake emails from a non-work account and “phish” them on your own. It’s a good reminder that these tactics can be used against them at any time, and constant vigilance is a must.