Some malware disappears when you reboot, but returns if you haven't plugged the hole where it came in. Is this scourge worse than others? The recent Target data heist of more than 40 million credit card records has many worrying about the impact of memory-only malware. The Target malware, a variant of BlackPOS, is part of a Trojan horse family known as Trojan.POSRAM. After the initial exploitation, these programs simply load themselves into RAM — they don’t install themselves on the hard drive.The lack of “software footprint” makes RAM-only malware programs elusive. Some people say they’re to be truly feared. Should we worry about them more than other malware programs?[ Also on InfoWorld: 13 tough questions about computer security. | Keep up with key security issues with InfoWorld’s Security Central newsletter. ]In a word: No. The panic over memory-only Trojans reminds me of all the doomsday prophecies about rootkit malware, which could “easily hide from antivirus programs.” It brings to mind past hysteria about roving bot worms, email attachment viruses, boot viruses, and DNS hijackers. Those newly discovered types of malware sounded scary at first, but antimalware programs now readily detect them all. The only challenge to antimalware software is keeping up with the sheer number of new malware programs that appear every day. Detecting an entire type of malware has rarely been a problem.In fact, memory-only malware is sort of a blessing, for a few reasons. First, most memory-only malware can’t live through a reboot. True, if you haven’t fixed what allowed it to gain initial access in the first place, the malware will get back in. But how nice it is that if you close the initial entry hole, a simple reboot will clean up the malware mess? There’s no hunting around the hard drive trying to find all the places it has modified or in which it may be hiding, no pulling viruses out of host executables and trying to decide how to put Humpty-Dumpty back together again, no wondering if you got everything. Just reboot your computer and relax. I’m picturing myself on a beach in Mexico, kicking back with a golden beer.Second, antimalware programs love to scan memory for bad actors. It’s the non-memory items that slow them down. Scanning memory can be literally thousands of times faster than scanning a hard drive — it’s even much, much faster than scanning an SSD. Plus, of course, there’s a lot less RAM than disk to scan. Antimalware scanners would love to stick to memory if they could; the performance hit would evaporate.Third, I’ve seen no studies that say memory-only malware is harder to detect or has incurred increased false negatives. This is what most people are worried about; I haven’t seen any real evidence yet.Lastly, although BlackPOS has been around for only a few years, we’ve had memory-only malware for a long time. The SQL Slammer worm of 2003, for example, was memory-only. To this day, SQL Slammer still holds the title of the fastest-spreading worm. It exploited nearly every unpatched SQL server on the Internet in about 10 minutes. But as bad as it was, I loved the cleanup: You patched the server and rebooted. Voila! Bad thing gone forever. Oh yeah, it’s readily detected by every antivirus program in the world.So, no, I’m not afraid of memory-only malware. On the contrary, I’m crossing my fingers and hoping all malware becomes memory-only.This story, “Should you worry about memory-only malware?,” was originally published at InfoWorld.com. Keep up on the latest developments in network security and read more of Roger Grimes’ Security Adviser blog at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter. Related content analysis The 5 types of cyber attack you're most likely to face Don't be distracted by the exploit of the week. Invest your time and money defending against the threats you're apt to confront By Roger Grimes Aug 21, 2017 7 mins Phishing Malware Social Engineering analysis 'Jump boxes' and SAWs improve security, if you set them up right Organizations consistently and reliably using one or both of these approaches have far less risk than those that do not. By Roger Grimes Jul 26, 2017 13 mins Authentication Access Control Data and Information Security analysis Attention, 'red team' hackers: Stay on target You hire elite hackers to break your defenses and expose vulnerabilities -- not to be distracted by the pursuit of obscure flaws By Roger Grimes Dec 08, 2015 4 mins Hacking Data and Information Security Network Security analysis 4 do's and don'ts for safer holiday computing It's the season for scams, hacks, and malware attacks. But contrary to what you've heard, you can avoid being a victim pretty easily By Roger Grimes Dec 01, 2015 4 mins Phishing Malware Patch Management Software Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe