New malware strain doesn’t need a file

How can you destroy malware that doesn’t exist as a file?

That’s the problem some users are facing, according to researchers for GData Software. They’ve detected a rare form of malware that installs directly to the registry only.

Without a file to eradicate, most antivirus measures are useless against this threat. That’s because the malware is installed directly to the registry with an encoded autostart registry key that’s hidden.

In plain English: The malware lives in the registry, so antivirus programs can’t scan for it, and it stays in effect even after system reboots.
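Because the persistence described above sits in an autostart registry key rather than in a file, the registry itself is the place to look. The following is an added example, not code from GData or from this article: it parses a constructed `reg export`-style dump and flags autostart values whose names are hidden from normal display or whose data looks encoded. The sample entries, the thresholds and the choice of the `Run`/`RunOnce` keys are assumptions made for illustration.

```python
import re

# Constructed sample in the style of a `reg export` of an autostart key.
# Every name and value is made up for illustration; none come from the report.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="\"C:\\Program Files\\Vendor\\updater.exe\" /background"
"SyncTool"="C:\\Tools\\sync.exe"
''' + '"a\x01"="host.exe ' + "QUFB" * 12 + '"\n'

AUTOSTART = re.compile(r'\\CurrentVersion\\Run(Once)?$', re.IGNORECASE)
SECTION = re.compile(r'^\[(.+)\]$')
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
ENCODED_RUN = re.compile(r'[A-Za-z0-9+/]{40,}={0,2}')  # assumed threshold
MAX_PLAIN_LEN = 260  # assumed: longer than a typical path plus arguments


def unescape(text):
    """Undo the backslash escaping used inside quoted .reg strings."""
    return re.sub(r'\\(.)', r'\1', text)


def audit(export_text):
    """Return (key, value name, reasons) for suspicious autostart values."""
    findings, key = [], None
    for line in export_text.split("\n"):
        line = line.rstrip("\r")
        section = SECTION.match(line)
        if section:
            key = section.group(1)
            continue
        value = VALUE.match(line)
        if not value or key is None or not AUTOSTART.search(key):
            continue
        name, data = unescape(value.group(1)), unescape(value.group(2))
        reasons = []
        if any(not ch.isprintable() or ord(ch) > 126 for ch in name):
            reasons.append("value name has non-printable or non-ASCII characters")
        if len(data) > MAX_PLAIN_LEN:
            reasons.append("data is longer than a normal command line")
        if ENCODED_RUN.search(data):
            reasons.append("data contains a long encoded-looking run")
        if reasons:
            findings.append((key, name, reasons))
    return findings


if __name__ == "__main__":
    for key, name, reasons in audit(SAMPLE_EXPORT):
        print(f"{key}\\{name!r}: {'; '.join(reasons)}")
```

A hit is a lead for an analyst, not a verdict: legitimate software can also store long or unusual autostart values, so review each flagged entry before removing it.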

How the malware gets there

Like all malware, this attack needs a point of entry. And as so often is the case, this one relies on tricking users.

According to GData, the strain they discovered comes in through a social engineering or phishing attack.

A crafted Microsoft Word file is emailed to a user. In this case, the email claimed to be from a postal service containing information about a package that was undeliverable.

And once that malware is in the registry, it provides an opening for hackers to install banking Trojans or steal files or documents.

Preventing attacks

Like most attacks, the human layer can be your best defense or biggest weakness with this malware.

Having users recognize phishing attacks and encouraging good security awareness is key.

One way you may want to go about this: regularly testing them.

Set up fake emails from a non-work account and “phish” them on your own. It’s a good reminder that these tactics can be used against them at any time, and constant vigilance is a must.