Wednesday, February 14, 2007

Trojan Programs - Trojan Droppers

These Trojans are used to install other malware on victim machines without the user's knowledge. Droppers install their payload either without displaying any notification, or by displaying a false message about an error in an archived file or in the operating system. The new malware is dropped to a specified location on a local disk and then launched.
Droppers are normally structured in the following way:
- Main file: contains the dropper payload
- File 1: first payload
- File 2: second payload
- ...: as many files as the coder chooses to include

The dropper functionality contains code to install and execute all of the payload files.
In most cases, the payload contains other Trojans and at least one hoax: jokes, games, graphics and so forth. The hoax is meant to distract the user or to prove that the activity caused by the dropper is harmless, whereas it actually serves to mask the installation of the dangerous payload.
Hackers using such programs achieve two objectives:
- Hidden or masked installation of other Trojans or viruses
- Tricking antivirus solutions that are unable to analyse all of the bundled components
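The structure above (one container carrying several payload files, which a scanner may fail to enumerate) is what a simple static triage check looks for. The following is an added example, not code from the original post: it scans a byte string for embedded PE images by locating each `MZ` stub whose `e_lfanew` field points at a valid `PE\0\0` signature, and flags the file as dropper-like when more than one image is found. The sample input is constructed inline from non-functional header stubs; `minimal_pe_stub`, `find_embedded_pe` and `classify` are names chosen for this example.

```python
import struct

def minimal_pe_stub(marker: bytes) -> bytes:
    """Build a constructed, non-functional PE-shaped byte string: a DOS 'MZ'
    header whose e_lfanew field (offset 0x3C) points at a 'PE\\0\\0' signature.
    This is sample data for the scanner, not an executable."""
    hdr = bytearray(b"MZ" + b"\x00" * 0x3E)   # 0x40 bytes of DOS header
    struct.pack_into("<I", hdr, 0x3C, 0x40)   # e_lfanew -> directly after DOS header
    return bytes(hdr) + b"PE\x00\x00" + marker

def find_embedded_pe(data: bytes) -> list:
    """Return the offset of every 'MZ' whose e_lfanew resolves to a 'PE\\0\\0'
    signature inside `data`. The first hit is normally the container itself;
    any later hit is a candidate dropped payload (a File 1, File 2, ...)."""
    hits = []
    pos = data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            e_lfanew = struct.unpack_from("<I", data, pos + 0x3C)[0]
            pe_off = pos + e_lfanew
            # Sanity-bound e_lfanew so random 'MZ' bytes rarely pass the check.
            if 0x40 <= e_lfanew < 0x1000 and data[pe_off:pe_off + 4] == b"PE\x00\x00":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def classify(data: bytes) -> str:
    """Human-readable triage verdict based on the number of embedded images."""
    hits = find_embedded_pe(data)
    if len(hits) >= 2:
        return "dropper-like: %d embedded PE image(s) at offsets %s" % (len(hits) - 1, hits[1:])
    return "no embedded PE images found"

# Constructed sample: a container stub, filler, and two embedded payload stubs
# (with a decoy filename between them, as a hoax component might leave).
SAMPLE = (minimal_pe_stub(b"MAIN") + b"\x00" * 100
          + minimal_pe_stub(b"PAYLOAD1") + b"hoax.jpg" + b"\x00" * 50
          + minimal_pe_stub(b"PAYLOAD2"))

if __name__ == "__main__":
    print(classify(SAMPLE))   # dropper-like: 2 embedded PE image(s) at offsets [172, 306]
```

A real dropper may compress or encrypt its payloads, so this signature check is a first-pass heuristic; a miss here is not evidence that a file carries nothing.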
