You know how it works. Your end users visit an infected site and inadvertently download the latest type of malware. If your antivirus software is up to snuff, it will prevent the download or, at the very least, locate and isolate the invading file on the user’s hard drive. But what if there is no file on the hard drive to detect? What if instead the malware resides only in memory, running under a trusted process that you, the antivirus software and the operating system itself assume cannot be breached?
That’s exactly what happened in Russia earlier this year, when more than 300,000 computers were infected with a unique type of malware — the fileless bot. After the bot ran unencumbered for several months, Kaspersky Lab announced that it had discovered a rare type of infection being propagated through Russian online information resources. Advertisements supplied to the sites by AdFox, a third-party ad network, contained Java malware that directed browsers to a download server run by cybercriminals.