How does self-deleting malware work? Is it typically on a system long enough to be detected, or does it erase itself before detection? If so, how would enterprises know if any damage is done by self-deleting malware?
The GreenDispenser malware discovered by Proofpoint allows a criminal to empty the cash out of an automatic teller machine (ATM). It seems to rely on poor physical security practices and potential vulnerabilities in the ATM software. Once GreenDispenser has been used to cash out the ATM, it securely deletes itself. Self-deleting malware works by destroying any files it creates at a predefined time, such as once it executes or on a certain date. The files or executable code first need to get onto the victim's machine. In the GreenDispenser example, potential physical security vulnerabilities were exploited to gain physical access to the ATM so the malicious code could be copied to the system.
Obviously, one of the goals of any malware is to avoid detection; in the case of GreenDispenser, the malware author tries to reduce the chance of detection by having the malware delete itself before detection occurs. However, the malware needs to be on the system long enough to be executed so the ATM can be cashed out. ATMs and kiosk systems are typically very restricted and have controlled functionality. This gives a significant benefit to a defender because any executable, file or network connection that is not specifically approved can and should be blocked or investigated as suspicious. An enterprise would know damage was done if malware is detected on an ATM or kiosk.
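The allowlist check described above can be sketched as follows; this is an added example, not code from the original answer or from Proofpoint. It assumes process-creation records are forwarded off the ATM to a collector, and every path, digest and field name in it is constructed for illustration.

```python
import json

# Constructed SHA-256 digests (placeholders, not real indicators).
H_APP, H_XFS, H_DIAG, H_GONE = "1" * 64, "2" * 64, "e" * 64, "f" * 64

# Baseline: the only binaries approved to run on the ATM image.
APPROVED = {H_APP, H_XFS}

# Constructed process-creation records as received by a central collector.
# Because they were forwarded off the device, they survive a local self-delete.
LOG_LINES = [
    json.dumps({"time": "2024-01-05T02:10:11Z", "image": r"C:\ATM\atmapp.exe", "sha256": H_APP}),
    json.dumps({"time": "2024-01-05T02:10:12Z", "image": r"C:\ATM\xfs_mgr.exe", "sha256": H_XFS}),
    json.dumps({"time": "2024-01-05T03:41:07Z", "image": r"C:\Temp\diag.exe", "sha256": H_DIAG}),
    json.dumps({"time": "2024-01-05T03:44:52Z", "image": r"C:\Temp\svc_update.exe", "sha256": H_GONE}),
    "truncated {record",
]

# Constructed file inventory taken from the ATM after the events above.
ON_DISK_NOW = {r"c:\atm\atmapp.exe", r"c:\atm\xfs_mgr.exe", r"c:\temp\diag.exe"}


def triage(log_lines, approved, on_disk_now):
    """Return (image, reason) for every record that needs investigation."""
    findings = []
    for line in log_lines:
        try:
            event = json.loads(line)
            image, digest = event["image"], event["sha256"].lower()
        except (ValueError, KeyError, TypeError, AttributeError):
            # A record that cannot be parsed is itself worth a look on a locked-down host.
            findings.append(("<unparsed>", "malformed-record"))
            continue
        if digest in approved:
            continue
        # Executed but no longer present: consistent with a binary that removed itself.
        gone = image.lower() not in on_disk_now
        findings.append((image, "unapproved-and-deleted" if gone else "unapproved"))
    return findings


if __name__ == "__main__":
    for image, reason in triage(LOG_LINES, APPROVED, ON_DISK_NOW):
        print(f"{reason:24} {image}")
```

The "unapproved-and-deleted" result is the case the question asks about: the file is gone from the ATM, but the execution record held off the device still shows that something outside the baseline ran.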