How does self-deleting malware work? Is it typically on a system long enough to be detected, or does it erase itself before detection? If so, how would enterprises know if any damage is done by self-deleting malware?
The GreenDispenser malware discovered by Proofpoint allows a criminal to empty the cash out of an automatic teller machine (ATM). It seems to rely on poor physical security practices and potential vulnerabilities in the ATM software. Once GreenDispenser has been used to cash out the ATM, it securely deletes itself. Self-deleting malware works by destroying any files it has created when a predefined time arrives, such as once it has executed or on a certain date. The files or executable code first need to get onto the victim's machine. In the GreenDispenser example, potential physical security vulnerabilities were exploited to gain physical access to the ATM so the malicious code could be copied to the system.
Obviously, one of the goals of any malware is to avoid detection; in the case of GreenDispenser, the malware author tries to reduce the chance of detection by having the malware delete itself before it is found. However, the malware needs to be on the system long enough to be executed so the ATM can be cashed out. ATMs and kiosk systems are typically very restricted and have controlled functionality. This gives a significant benefit to a defender because any executable, file or network connection that is not specifically approved can and should be blocked or investigated as suspicious. An enterprise would know damage was done if malware is detected on an ATM or kiosk.
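The allowlisting point above, as an added example that is not part of the original answer: a Python check that compares execution events from a locked-down ATM or kiosk against an approved-hash list and marks unapproved binaries that were deleted after they ran. The event schema, file paths and hashes are constructed for illustration and do not come from GreenDispenser or any real log format.

```python
# Added example: event schema, paths and hashes are constructed, not a real log format.
APPROVED_SHA256 = {          # hashes of the only binaries allowed to run on the device
    "a" * 64: "atm_app.exe",
    "b" * 64: "xfs_manager.exe",
}

# Constructed, simplified process-execution and file-deletion events.
EVENTS = [
    {"t": 100, "type": "exec", "path": r"C:\atm\atm_app.exe", "sha256": "a" * 64},
    {"t": 205, "type": "exec", "path": r"C:\temp\svc_update.exe", "sha256": "c" * 64},
    {"t": 260, "type": "delete", "path": r"C:\temp\svc_update.exe"},
    {"t": 300, "type": "exec", "path": r"C:\atm\xfs_manager.exe", "sha256": "b" * 64},
    {"t": 410, "type": "exec", "path": r"C:\tools\diag.exe", "sha256": "d" * 64},
    # Approved file name, unapproved content: matching on hash catches a swapped binary.
    {"t": 500, "type": "exec", "path": r"C:\atm\atm_app.exe", "sha256": "e" * 64},
]


def triage(events, approved):
    """Return one finding per unapproved executable, noting any later deletion."""
    findings = {}
    for ev in sorted(events, key=lambda e: e["t"]):
        key = ev["path"].lower()          # Windows paths are case-insensitive
        if ev["type"] == "exec" and ev["sha256"] not in approved:
            findings.setdefault(key, {
                "path": ev["path"],
                "sha256": ev["sha256"],
                "executed_at": ev["t"],
                "deleted_at": None,
                "verdict": "unapproved-exec",
            })
        elif ev["type"] == "delete" and key in findings:
            f = findings[key]
            if f["deleted_at"] is None:   # keep the first deletion after execution
                f["deleted_at"] = ev["t"]
                f["verdict"] = "unapproved-exec-then-deleted"
    return sorted(findings.values(), key=lambda f: f["executed_at"])


if __name__ == "__main__":
    for f in triage(EVENTS, APPROVED_SHA256):
        print(f["verdict"], f["path"], f["executed_at"], f["deleted_at"])
```

The execution record outlives the deleted file only if events are forwarded off the device, since anything kept locally can be wiped along with the malware.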