Fileless Malware Could Be Lurking Inside Your Windows Event Logs
According to security researchers at Kaspersky, this new behavior turned up at one of their customers. The method injects shellcode payloads into the event logs for Windows' Key Management Services (KMS). A custom malware dropper performs this task. The dropper then copies the executable WerFault.exe to a new folder and places an encrypted binary in that same location. This is the first time this method of malware delivery has been observed "in the wild."
Most malware contains blocks of code that even heuristic malware and virus scanners can catch without too much "hard work." However, this particularly nasty variant can break all of that code into 8KB chunks, split at seemingly arbitrary points, store them in events, then reassemble them later. This means malware detection can simply miss them, because each chunk can look completely innocuous on its own.
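A detection-side sketch of that point, added here as an example and not taken from Kaspersky's report: scanning each event on its own misses a signature that straddles a chunk boundary, while joining the large, high-entropy payloads found in one log and scanning the result finds it. The event records, their field names (`log`, `record_id`, `data`), the thresholds and the marker are all constructed assumptions.

```python
import math
import os
from collections import Counter, defaultdict

CHUNK = 8 * 1024  # chunk size given in the article
MARKER = b"CONSTRUCTED-TEST-SIGNATURE"  # harmless stand-in for a scanner signature

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted or packed data is close to 8."""
    counts = Counter(data)
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())

def suspicious_logs(events, min_size=4096, min_entropy=7.0, min_events=2):
    """Map log name -> joined binary data, for logs holding several large,
    high-entropy event payloads. The thresholds are assumptions, not tuned values."""
    by_log = defaultdict(list)
    # Assumption: record order matches the order the chunks were written in.
    for ev in sorted(events, key=lambda e: e["record_id"]):
        data = ev["data"]
        if len(data) >= min_size and entropy(data) >= min_entropy:
            by_log[ev["log"]].append(data)
    return {log: b"".join(parts) for log, parts in by_log.items()
            if len(parts) >= min_events}

def sample_events():
    """Constructed sample: one ordinary text event, plus a random blob whose
    marker straddles an 8KB boundary, stored as three event payloads."""
    blob = os.urandom(CHUNK - 10) + MARKER + os.urandom(2 * CHUNK - 16)
    events = [{"log": "Application", "record_id": 1, "data": b"Service started."}]
    for i in range(0, len(blob), CHUNK):
        events.append({"log": "Key Management Service",
                       "record_id": 100 + i // CHUNK,
                       "data": blob[i:i + CHUNK]})
    return events

if __name__ == "__main__":
    events = sample_events()
    hits = [e["record_id"] for e in events if MARKER in e["data"]]
    print("per-event signature hits:", hits)
    for log, data in suspicious_logs(events).items():
        print(f"{log}: {len(data)} bytes joined, signature found: {MARKER in data}")
```

On a real host the records would come from an exported event log rather than `sample_events()`, and any log that is flagged is a lead to investigate, not a verdict.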
When it comes to the security of your devices, though, it often boils down to being wary. Be extremely careful about the attachments you open, the e-mails you accept, and what you install. Kaspersky has helpfully published, in its report, hashes of all files associated with the attack it detected. It is important to note that, on their own, a number of the files are innocuous and may even be necessary system files.