English Wikipedia: Dropper (malware)


A dropper[1][2] is a kind of Trojan that has been designed to "install" malware (virus, backdoor, etc.) onto a computer. The malware code can be contained within the dropper in such a way as to avoid detection by virus scanners, or the dropper may download the malware to the targeted computer once activated.

There are two types of droppers. The first is known as a persistent dropper. Upon running the malware, it hides itself on the device. It then modifies the system registry keys. Even if the malware is removed, the hidden file will execute when the system reboots. This allows it to reinstall the malware even if it was previously removed. The second type is known as a non-persistent dropper. It is less dangerous because it removes itself from the system once it has executed its payload. This way, when the malware is removed, it will not be able to reinstall itself.[3]
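The registry persistence described above can be audited from the defender's side. The following is an added example, not part of the original article: it parses autorun values in the layout printed by `reg query` and flags entries that look like a hidden file set to run at startup. The `Run` key paths are one common Windows autorun location chosen as an assumption (the article does not name specific keys), the sample text is constructed, and the three heuristics are illustrative assumptions to tune per environment.

```python
import re

# Constructed sample in the layout printed by `reg query <key>`; not real telemetry.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background
    Updater    REG_SZ    C:\Users\alice\AppData\Local\Temp\svchost.exe
    Sync Helper    REG_EXPAND_SZ    wscript.exe //B "%APPDATA%\sync\run.vbs"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
"""

VALUE_LINE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_\w+) {4}(?P<data>.*)$")
# Assumed heuristics, tune per environment: user-writable locations and script hosts.
WRITABLE = re.compile(r"\\appdata\\|\\temp\\|%temp%|%appdata%|%localappdata%|\\users\\public\\|\\programdata\\", re.I)
SCRIPT_HOST = re.compile(r"\b(wscript|cscript|mshta|powershell|rundll32|regsvr32)(\.exe)?\b", re.I)
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "explorer.exe", "services.exe"}

def parse_autoruns(text):
    """Yield (key, value_name, command) for each value in reg-query style text."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_LINE.match(line)):
            yield key, m["name"], m["data"].strip()

def reasons(command):
    """Return the list of heuristic reasons a command looks like dropper persistence."""
    found = []
    if WRITABLE.search(command):
        found.append("runs from user-writable path")
    if SCRIPT_HOST.search(command):
        found.append("launched via script host")
    exe = re.search(r"([^\\\"]+\.exe)", command, re.I)
    if exe and exe[1].lower() in SYSTEM_NAMES and "\\system32\\" not in command.lower():
        found.append("system binary name outside System32")
    return found

def audit(text):
    """Return only the autorun entries that matched at least one heuristic."""
    return [(k, n, c, r) for k, n, c in parse_autoruns(text) if (r := reasons(c))]

if __name__ == "__main__":
    for key, name, cmd, why in audit(SAMPLE):
        print(f"{key}\\{name}: {cmd}  <- {', '.join(why)}")
```

A flagged entry is a lead for review, not a verdict: legitimate software also starts from per-user directories, so compare hits against a known-good baseline for the host.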

A Trojan works by disguising itself as another program. It then requires the user to click on it to be executed. It unpacks code and then loads the payload into memory. It then installs the malicious software (malware).[4]

Precautions can be taken to prevent malware droppers from infecting a computer. Examples include not opening links from unknown sources and downloading software only from known verified distributors, such as the Microsoft Store and the Apple App Store. A firewall can also be used to allow only incoming traffic from verified sources.[3]

Droppers can also work on mobile devices. For instance, if a user downloads an application from a link in a text message, the dropper infects the device with malware when the application is installed. An example of a Trojan dropper created for mobile devices is the Sharkbot dropper.[5][6] It is a financial Trojan that takes a user's funds by exploiting an Automatic Transfer Service (ATS). An ATS can automatically complete financial transaction fields with almost no user help. This allows an attacker to quickly transfer funds out of a user's mobile banking applications. This type of malware is not found in app stores. Instead, it has to be installed through a process called sideloading.[6]
