Wednesday, July 9, 2014

Netiquette IQ Definition of The Day - AVT


Advanced volatile threat detection: New term, old malware?
Nick Lewis, Enterprise Threats
Simply put, AVTs are attacks that are only resident in memory and are not written to disk. Memory-based malware is inherently more difficult to detect than other malware; it cannot be identified solely by monitoring the file system. Fortunately, there are many ways to initially detect something that needs to be examined on a system, which will make memory-based malware detection easier. The Windows Incident Response Blog has articles on how to perform memory forensics and malware analysis that could be used to detect an advanced volatile threat.
Once a suspicious network flow or account activity is discovered, an investigation can be done to identify what caused the suspicious activity. Additionally, monitoring for suspicious network connections can be done without access to the compromised system. An enterprise should prepare for an AVT by closely monitoring its systems using anomaly detection techniques and securing its endpoints.
Memory-based malware attacks date back to 2002 if not earlier, and antimalware tools have been addressing the threat of memory-resident malware ever since. So, while the threat is not necessarily new per se, it is still quite volatile because once a system is rebooted, any malware resident only in memory will disappear and requires reinfection of the system to gain access again. Yet reinfection can be easily accomplished if an infected system on the local network has not yet rebooted.
In addition to this blog, I have authored the premiere book on Netiquette, "Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". You can view my profile, reviews of the book and content excerpts at:

 If you would like to listen to experts in all aspects of Netiquette and communication, try my radio show on BlogtalkRadio  and an online newsletter via have established Netiquette discussion groups with Linkedin and  Yahoo I am also a member of the International Business Etiquette and Protocol Group and Minding Manners among others. I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts and I have been contributing to the blogs Everything Email and emailmonday . My work has appeared in numerous publications and I have presented to groups such as The Breakfast Club of NJ Rider University and  PSG of Mercer County New Jersey.