“The so-called fileless malware is unique in its ability to disappear after being installed on a server. Once the attacked computer is rebooted, the malware renames itself, leaving no detectable trace of its existence,” Gizmodo explained. “It can take several months before sysadmins realize the machine has been infected. During that time period, hackers can steal freely from the coffers of the affected enterprise.”
Two years ago, Kaspersky discovered that its own networks had been compromised by in-memory malware. That malware, which the company named Duqu 2.0, was derived from Stuxnet, the infamous malware developed by the US and Israel to sabotage Iran’s nuclear program. The anti-virus company has not yet named the in-memory malware it is now tracking, but says that it is very similar to Duqu 2.0.
Kaspersky found the malware in over 40 nations, including 21 cases in the United States. The company has promised to provide further details about the attacks, as well as the hackers’ objectives, during the Security Analyst Summit in St. Maarten in April.