From the course: Ethical Hacking: The Complete Malware Analysis Process


How malware achieves persistence


- [Instructor] One of the important capabilities for malware that has a time delay or is designed to monitor for information is to be able to achieve persistence. That means ensuring that after the target computer is rebooted, the malware restarts. To do this, the target operating system or one of its processes has to restart the malware. On Windows, a simple approach is for the malware to write an entry into the registry into what's known as an autostart extension point. The registry has two main top-level keys that are of interest to malware: HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE. HKEY_CURRENT_USER is accessible in the user context, but the malware needs to have administrative privileges in order to change HKEY_LOCAL_MACHINE keys. The registry location `HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run` is where Windows looks for details of what programs to start up after the computer boots. Here we see a number of programs that will run including the system's HOTKEY…
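An analyst can review the autostart extension point described above with a read-only listing of the Run key in both hives. This is an added example, not part of the course material; the function names `Get-ExecutablePath` and `Get-RunKeyEntry` are hypothetical, and the HKEY_CURRENT_USER Run path is the per-user counterpart of the HKEY_LOCAL_MACHINE location named in the excerpt.

```powershell
# Added example: read-only audit of the Run autostart extension points.
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',  # changing it needs admin rights
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'   # writable in the user context
)

function Get-ExecutablePath {
    # Hypothetical helper: pull the program path out of a Run value's command line.
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }             # "C:\Dir\app.exe" /arg
    if ($cmd -match '^(.+?\.(exe|com|bat|cmd|dll|scr))(\s|$)') {     # C:\Program Files\app.exe /arg
        return $Matches[1]
    }
    return ($cmd -split '\s+')[0]
}

function Get-RunKeyEntry {
    param([string[]]$KeyPath = $RunKeys)
    foreach ($key in $KeyPath) {
        if (-not (Test-Path -Path $key)) { continue }
        $regKey = Get-Item -Path $key
        foreach ($name in $regKey.GetValueNames()) {
            $command = [string]$regKey.GetValue($name)
            $exe     = Get-ExecutablePath -CommandLine $command
            $exists  = [bool]$exe -and (Test-Path -LiteralPath $exe -PathType Leaf)
            # A bare name such as rundll32.exe is resolved through PATH at logon,
            # so it is reported as FileFound = $false here and needs a manual look.
            $signature = if ($exists) {
                (Get-AuthenticodeSignature -LiteralPath $exe).Status
            } else { 'n/a' }
            [pscustomobject]@{
                Key       = $key
                Name      = $name
                Command   = $command
                FileFound = $exists
                Signature = $signature
            }
        }
    }
}

Get-RunKeyEntry | Sort-Object Key, Name | Format-List
```

Entries whose target file is missing, unsigned, or located in a user-writable directory are the ones to compare against a known-good baseline first.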
