Droppers – Malware that Precipitates Malware
Droppers are the instigators of many cybersecurity attacks, so it’s critical to discover and defeat them.
There’s been a lot of excitement lately about malware droppers. So just what are they, and why do we care?
A dropper is malicious software whose main purpose is to install other malware components. Droppers are a means to an end, rather than the end itself. They get their name because they install or “drop” other harmful programs on the target system. These other programs do the dirty work. In fact, droppers will usually delete themselves after they’ve installed their accomplices.
Because droppers don’t directly inflict damage, and because they may only be present for a short period of time, it is much harder for malware detection systems to identify them as malicious. Nonetheless, because droppers are the instigators or the beginning point of many attacks, it’s especially critical to accurately discover and defeat them.
How Can Droppers Be Detected?
Although droppers don’t directly inflict harm, they still exhibit behaviors that can be identified as malicious. Lastline evaluates potentially harmful objects to see whether they are capable of, or actually perform, any of the malicious behaviors that indicate an object is in fact a dropper.
Here are a few examples of dropper behavior:
- Searches for installed security controls, such as firewalls, AVs, IPS, etc.
- Attempts to hide or anonymize connections with other sites
- Connects to suspicious or unknown sites
- Connects to sites in strange or unknown locations
- Downloads other programs or files, especially those known to be malicious
- Executes other programs or files, unknown or anomalous files in particular
- Deletes itself after execution
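The behaviors listed above become much stronger evidence when they are correlated per process rather than judged one at a time. The following Python sketch is an added example, not Lastline’s code or method: the event format, field names, weights and threshold are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sandbox-style events (not real telemetry). Field names are assumptions.
EVENTS = [
    {"ts": 1, "pid": 100, "ppid": 50, "type": "proc_start", "image": r"C:\Users\a\invoice.exe"},
    {"ts": 2, "pid": 100, "type": "query_security", "target": "AntiVirusProduct"},
    {"ts": 3, "pid": 100, "type": "net_connect", "host": "example.invalid"},
    {"ts": 4, "pid": 100, "type": "file_write", "path": r"C:\Users\a\Temp\p.exe"},
    {"ts": 5, "pid": 101, "ppid": 100, "type": "proc_start", "image": r"C:\Users\a\Temp\p.exe"},
    {"ts": 6, "pid": 100, "type": "file_delete", "path": r"C:\Users\a\invoice.exe"},
    # A benign-looking updater: connects and writes data, but never runs or deletes anything.
    {"ts": 7, "pid": 200, "ppid": 4, "type": "proc_start", "image": r"C:\Program Files\App\update.exe"},
    {"ts": 8, "pid": 200, "type": "net_connect", "host": "example.invalid"},
    {"ts": 9, "pid": 200, "type": "file_write", "path": r"C:\Program Files\App\data.bin"},
]

# Illustrative weights: correlated behaviors count more than common single actions.
WEIGHTS = {"security_probe": 1, "network": 1, "drop_and_exec": 3, "self_delete": 3}

def score_processes(events):
    """Return {pid: (score, sorted behavior names)} for processes with any hit."""
    image = {}                   # pid -> path of the process's own executable
    written = defaultdict(set)   # pid -> paths that process wrote to disk
    hits = defaultdict(set)      # pid -> behaviors observed
    for ev in sorted(events, key=lambda e: e["ts"]):
        pid, kind = ev["pid"], ev["type"]
        if kind == "proc_start":
            image[pid] = ev["image"].lower()
            # The parent wrote this file earlier and now runs it: drop + execute.
            if image[pid] in written[ev["ppid"]]:
                hits[ev["ppid"]].add("drop_and_exec")
        elif kind == "query_security":
            hits[pid].add("security_probe")
        elif kind == "net_connect":
            hits[pid].add("network")
        elif kind == "file_write":
            written[pid].add(ev["path"].lower())
        elif kind == "file_delete" and ev["path"].lower() == image.get(pid):
            hits[pid].add("self_delete")
    return {pid: (sum(WEIGHTS[h] for h in found), sorted(found))
            for pid, found in hits.items()}

def flag_droppers(events, threshold=5):
    """PIDs whose combined behavior score reaches the (assumed) threshold."""
    return sorted(p for p, (s, _) in score_processes(events).items() if s >= threshold)
```

On the constructed sample, only the process that probes for security products, writes a file, launches it and then removes its own image is flagged; the updater scores a single low-weight hit.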
When Lastline discovers malware in the form of a dropper, comprehensive information regarding the file, its indicators of compromise, and risk scores are all instantly provided so appropriate action can be taken.
Droppers have been around for a long time, but they continue to rapidly evolve. The more sophisticated of these require the use of an advanced malware protection system like Lastline to effectively detect them.