Difference between File-based and Fileless malware
First question on here. I'm reading up about malware and I've hit a bit of a wall. The distinction is between a file-based virus and a fileless virus. Apparently a file-based virus sticks itself into the code of a file and is then executed when the file is used. Fileless apparently uses LOLBins, which from what I gather are processes and services that are part of the OS. So, for example, a malicious website may send a script to the victim's browser that passes instructions to a LOLBin like PowerShell (don't even know what that is) which reads and executes the commands.
The book I am reading makes this point: "Unlike a file-based virus, a fileless virus does not infect a file and wait for that file to be launched. Instead, the malicious code of a fileless virus is loaded directly in the computer's random access memory (RAM) through the LOLBins and then executed"
I don't get it though... if a file has code in it that gets executed to do something malicious, it must have ended up in RAM, right? What's the difference between a virus being stuck onto a docx file and one being carried about by something like PowerShell?
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
