Memory-scraping hack technique uncovered

A hacking technique known as ‘pervasive memory scraping’ is being used to root out encrypted private information, according to the SANS Institute.

The technique relies on the fact that certain areas of Windows memory are only occasionally overwritten, so data from software that has been closed down on the PC can remain in memory for some time afterwards.

According to Lieberman Software, hackers have used the technique to grab personally identifiable information (PII) from users' PCs.

“The SANS Institute is reported to have spotted evidence of this type of attack methodology on an increasing basis. This means that, where a Windows PC user loads a secure application to view data, views that data and then closes the application, there is a chance that the data may continue to reside in the computer's memory for some time after,” said Phil Lieberman, CEO of Lieberman Software.

"Put simply, this means that, even if the secure software checks for the presence of trojans and similar credential scanning malware - and locks down the malware whilst it is loaded - once the application is closed, the contents of the computer memory can still be subsequently lifted by a remote scanning piece of malcode," he added.

Users should either use a secure Web browser with a memory sandbox feature or avoid loading secure data on to a computer in the first place, Lieberman reckons.

“The fact that the SANS Institute has expressed concern about this security issue should be a red flag in itself. IT security managers need to be aware of this problem, and how to remediate it without it costing the earth, and causing efficiency issues within their organisation,” he said.