When you are dealing with a computer, there is a path that all the data travels on so that it can get to the CPU. For the most part, the data starts on the hard drive, the internet, or any other storage device that you might have on the system. After that, it travels down the bus path and into the RAM (memory). From there, it goes to the L family of caches.
Most computers have two L caches, but some have three. Next, the data goes to the registers that are connected to the CPU and on to the CPU itself. Finally, the data is crunched and then sent to the screen for you to enjoy.
Besides the CPU, the most important part of this process is the RAM. Without the RAM being used as storage, the computer would run too slowly to be of any use for programs that need some semblance of speed.
What a lot of people do not know is that the RAM is able to store whole programs inside of it. In practice, though, most programs are too big to be stored entirely in RAM, so they are broken up. Also, most people have more than one program running at a time, and RAM would not be able to store all of that at once. So, to operate efficiently, only what is needed at the time is stored in the computer’s memory. Everything else is stored on the hard drive and then delivered to the RAM when it is needed.
This is a pretty complicated topic in itself, but also a fascinating one. Also fascinating, to me at least, is the fact that malware developers are able to create complicated attack programs that live in the RAM of people’s computers. These types of attacks are never installed on the system; they live only in the RAM of the computer. They are able to do an untold amount of damage to the system while they are in operation.
But a program that is only alive in memory does have one serious disadvantage: it is only in operation while the computer is on. This is why we have a hard drive on the system in the first place. We need a place where we are able to store data while the computer is unplugged. The memory of the computer is not able to do that. As soon as the power stops flowing to the system, everything that is stored in the RAM is gone.
Why Are RAM Attacks So Dangerous?
These types of attacks are so dangerous because they are so hard to find. When a program is hiding in the RAM of the computer, it can place itself at certain addresses that may not get scanned by the antivirus software on your system. This is because certain parts of the memory are designated to be part of the kernel level of the computer. Programs that are above the kernel level, in what is called the user space, are not supposed to even know that part of the computer exists.
Some of the malware that lives only in the RAM has found that it is able to trick parts of the operating system into letting it into the kernel area. This means that as long as your computer has power running to it, your system is in danger. When a program has kernel-level access, it has the ability to do whatever it wants, including accessing the hardware directly. A piece of malware having that much power is never a good thing.
The good thing, if there is such a thing, about these types of attacks is that, as I said before, you can easily get rid of them by just unplugging the computer. The RAM totally forgets everything in it when the electricity is off, so you will not have to worry about it anymore.
Another good thing about these kinds of attacks is that the code behind them is so small and compact that there are only a few instructions it can carry out directly. The thing that you have to worry about is it calling another program down to your system and taking over. Something like that happening is easier to detect and also easier to get rid of.
When you are dealing with the bad guys, you have to remember that they are going to be crafty in how they attack you. Most of the time, you will not see it coming.
Luckily, this type of attack is not new, and there is already antivirus software out there that tries to detect this sort of attack. So just remember to update to the latest in antivirus systems and you should be protected.
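One check a defender can run for code that lives only in RAM is to look for executable memory with no file on disk behind it. The sketch below is an added example, not part of the original article: it assumes a Linux system and the `/proc/<pid>/maps` text format, the function names are illustrative, and the sample listing is constructed.

```python
# Flag executable memory regions that have no file on disk behind them.
# Input: text in Linux /proc/<pid>/maps format. SAMPLE_MAPS is constructed.

# Kernel-provided pseudo-regions that are executable on a healthy system.
KERNEL_REGIONS = {"[vdso]", "[vsyscall]"}

SAMPLE_MAPS = """\
55d0c8a00000-55d0c8a21000 r-xp 00000000 08:01 1311234 /usr/bin/cat
7f3a1c000000-7f3a1c021000 rwxp 00000000 00:00 0
7f3a1c400000-7f3a1c410000 r-xp 00000000 00:01 4242 /memfd:example (deleted)
7f3a1c800000-7f3a1c9c0000 r-xp 00028000 08:01 1315555 /usr/lib/libc.so.6
7ffd3b5e0000-7ffd3b601000 rw-p 00000000 00:00 0 [stack]
7ffd3b7f0000-7ffd3b7f2000 r-xp 00000000 00:00 0 [vdso]
"""


def parse_line(line):
    """Split one maps line into (start, end, perms, path)."""
    fields = line.split(None, 5)
    if len(fields) < 5:
        raise ValueError(f"not a maps line: {line!r}")
    start, end = (int(x, 16) for x in fields[0].split("-"))
    path = fields[5].strip() if len(fields) == 6 else ""
    return start, end, fields[1], path


def suspicious_regions(maps_text):
    """Return (start, size, reason) for executable regions not backed by disk."""
    findings = []
    for line in maps_text.splitlines():
        if not line.strip():
            continue
        start, end, perms, path = parse_line(line)
        if "x" not in perms or path in KERNEL_REGIONS:
            continue
        if not path or path.startswith("["):  # no name, or [heap]/[stack]
            reason = "anonymous executable memory"
        elif path.startswith("/memfd:") or path.endswith(" (deleted)"):
            reason = "executable mapping with no file on disk"
        else:
            continue  # ordinary program or library loaded from disk
        findings.append((start, end - start, reason))
    return findings


if __name__ == "__main__":
    for start, size, reason in suspicious_regions(SAMPLE_MAPS):
        print(f"{start:#x} {size:>8} bytes  {reason}")
```

Browsers and language runtimes with just-in-time compilers also create anonymous executable memory, so a finding is a lead to investigate rather than proof of malware.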