Malware spotlight: Droppers

Introduction

There’s a cloud of confusion around droppers. Often dismissed as a sort of helper program in a cyberattack, droppers are actually a type of malware that plays an instrumental role. They deserve to be treated as their own class of malware because they are responsible for a number of malicious actions in their own right.

This article will explore droppers as a class of malware and examine what droppers are, how they spread, how they work, persistent versus non-persistent droppers, the dangers of low-cost devices, and other valuable information that will give you a better picture of this misunderstood malware.

What is a dropper?

Droppers are a type of Trojan, but they are distinct enough to be considered their own breed. Their signature purpose is to install other malware once they are present on a system. In fact, they are named droppers because they drop malware and malware components onto a compromised system. This behavior has earned droppers the nickname “the malware that precipitates malware.”

To better evade detection, droppers do not normally save themselves to disk on a compromised system. Instead, they usually delete themselves once their purpose has been fulfilled. They may also perform other actions that further the goal of the attack.

How droppers spread

Droppers can be spread in many ways. Some are obvious and easy to avoid — an attachment to a spam email, for example. Other methods, such as drive-by downloads, are quite stealthy: merely visiting an infected website is enough to introduce a dropper into a system.

The most common ways droppers spread include:

  • Visiting malicious websites
  • Clicking malicious links
  • Spam email attachments
  • Inserting infected removable media
  • Using an infected internet proxy
  • Downloading infected freeware

Droppers may also be spread by infected apps — even that widely-used, seemingly legitimate app you downloaded last (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/U7kTDAw466g/