In one of our previous explainer articles, we had discussed dropper malware and how dangerous it can be for your devices as its function is to drop its payload, which is malware, onto the intended victims’ smartphones, PCs, tablets etc. A Dropper malware is basically a trojan program that carries a malicious code with it to ‘drop’ it onto the targeted device.
The usual way for the dropper malware to work is by taking care of the system defences before installing the malicious files. One example is that of Microsoft Windows, where the target of the dropper is the User Account Control, which it tries to deactivate. If it is successful, then the user wouldn’t know if any critical system element of the device gets affected, which is something the User Account Control would warn the user about had it not been deactivated.
Here, we will throw some light on the types of Dropper malware.
Persistent Dropper malware
Two broad classifications of Dropper malware are Persistent and Non-Persistent of which the former is said to be more dangerous. Persistent dropper malware is persistent in the way that even if they are removed from the infected system, it can reinstall itself. They are able to do that by copying themselves on some hidden file in the system, a file that is hard to locate. This would be some random hidden file in the system usually. After copying themselves to that file, they created registry keys that run after the system gets restarted again. So, even after they have been removed, the registry keys would run on their own after the system reboot and they will try to download the malicious modules again. Therefore, in order to get rid of them permanently, it is a must that the created registry keys and the hidden file be found and removed.
Non-persistent Dropper malware
Coming to the other type, the Non-persistent Dropper malware just swoops inside the firewalls, drops their payload of the malicious code and gets away (as in uninstalling themselves) as soon as the malicious code gets installed. They can be detected and removed manually. Why they are not as tough to deal with as Persistent ones are because they work one single time, and after they drop their payload, they no longer pose a threat to the system.
Prevention
To ensure the dropper malware does not reach you, you should keep the following instructions in mind, besides investing in a paid antivirus/anti-malware solution:
The usual way for the dropper malware to work is by taking care of the system defences before installing the malicious files. One example is that of Microsoft Windows, where the target of the dropper is the User Account Control, which it tries to deactivate. If it is successful, then the user wouldn’t know if any critical system element of the device gets affected, which is something the User Account Control would warn the user about had it not been deactivated.
Here, we will throw some light on the types of Dropper malware.
Persistent Dropper malware
Two broad classifications of Dropper malware are Persistent and Non-Persistent of which the former is said to be more dangerous. Persistent dropper malware is persistent in the way that even if they are removed from the infected system, it can reinstall itself. They are able to do that by copying themselves on some hidden file in the system, a file that is hard to locate. This would be some random hidden file in the system usually. After copying themselves to that file, they created registry keys that run after the system gets restarted again. So, even after they have been removed, the registry keys would run on their own after the system reboot and they will try to download the malicious modules again. Therefore, in order to get rid of them permanently, it is a must that the created registry keys and the hidden file be found and removed.
Non-persistent Dropper malware
Coming to the other type, the Non-persistent Dropper malware just swoops inside the firewalls, drops their payload of the malicious code and gets away (as in uninstalling themselves) as soon as the malicious code gets installed. They can be detected and removed manually. Why they are not as tough to deal with as Persistent ones are because they work one single time, and after they drop their payload, they no longer pose a threat to the system.
Prevention
To ensure the dropper malware does not reach you, you should keep the following instructions in mind, besides investing in a paid antivirus/anti-malware solution:
- Avoid clicking on malicious-looking links.
- Do not visit web pages that you think could be harmful.
- Be very careful about opening attachments sent with spam.
- Do not download free programs unnecessarily and/or from untrustworthy sites and sources.
- Infected proxy websites could also bring malware to your device. So, keep away from them.
Related Posts
Denial of responsibility! TechnoCodex is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – [email protected]. The content will be deleted within 24 hours.
