How does self-deleting malware work? Is it typically on a system long enough to be detected, or does it erase itself before detection? If so, how would enterprises know if any damage is done by self-deleting malware?
The GreenDispenser malware discovered by Proofpoint allows a criminal to empty the cash out of an automatic teller machine (ATM). It seems to rely on poor physical security practices and potential vulnerabilities in the ATM software. Once GreenDispenser has been used to cash out the ATM, it securely deletes itself. Self-deleting malware works by destroying any files it creates at a predefined time, such as once it executes or on a certain date. The files or executable code first need to get onto the victim's machine. In the GreenDispenser example, potential physical security vulnerabilities were exploited to gain physical access to the ATM so the malicious code could be copied to the system.
Obviously, one of the goals of any malware is to not be detected; in the case of GreenDispenser, the malware author tries to reduce the chance of detection by having the malware delete itself before detection occurs. However, the malware needs to be on the system long enough to be executed so the ATM can be cashed out. ATMs and kiosk systems are typically very restricted and have controlled functionality. This gives a significant benefit to a defender because any executable, file or network connection that is not specifically approved can and should be blocked or investigated as suspicious. An enterprise would know damage was done if malware is detected on an ATM or kiosk.
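The allowlisting point above, as an added example that is not from the original article or from Proofpoint: it checks execution records against a list of approved hashes and notes when the unapproved image was deleted afterwards, so the log still shows the run even though a later disk scan would find nothing. The event schema, paths, timestamps and digests are constructed assumptions.

```python
import hashlib

def digest(label):
    """Constructed stand-in for a file's SHA-256 (hash of a label, not a real binary)."""
    return hashlib.sha256(label.encode()).hexdigest()

# Assumed allowlist: digests of the only executables approved on the kiosk image.
APPROVED = {digest("atm-app-v1"), digest("vendor-updater-v1")}

# Constructed events in an assumed, simplified schema (not a real product's log format).
EVENTS = [
    {"ts": 100, "type": "process_start", "path": r"C:\ATM\atmapp.exe", "sha256": digest("atm-app-v1")},
    {"ts": 205, "type": "process_start", "path": r"C:\Temp\svc.exe", "sha256": digest("unknown-1")},
    {"ts": 260, "type": "file_delete", "path": r"c:\temp\SVC.EXE"},
    {"ts": 300, "type": "process_start", "path": r"C:\Tools\diag.exe", "sha256": digest("unknown-2")},
    {"ts": 310, "type": "file_delete", "path": r"C:\ATM\logs\old.log"},
]

def find_unapproved_executions(events, approved):
    """Return one finding per execution of a binary whose hash is not approved.

    Each finding records whether the image was deleted afterwards, in which case
    a later on-disk scan finds nothing and the log is the only remaining evidence.
    """
    findings = []
    open_by_path = {}  # normalized path -> findings still waiting for a delete event
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = ev["path"].lower()  # Windows paths compare case-insensitively
        if ev["type"] == "process_start" and ev["sha256"] not in approved:
            finding = {"path": ev["path"], "sha256": ev["sha256"],
                       "started": ev["ts"], "deleted_at": None}
            findings.append(finding)
            open_by_path.setdefault(key, []).append(finding)
        elif ev["type"] == "file_delete":
            for finding in open_by_path.pop(key, []):
                finding["deleted_at"] = ev["ts"]
    return findings

if __name__ == "__main__":
    for f in find_unapproved_executions(EVENTS, APPROVED):
        gone = f["deleted_at"] is not None
        state = f"image deleted at t={f['deleted_at']}" if gone else "image still on disk"
        print(f"UNAPPROVED {f['path']} started t={f['started']}: {state}")
```

The check depends on execution and deletion events being recorded and forwarded off the device, since anything stored only on the ATM can be removed along with the malware.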