Sunday, March 26, 2006

what is a downloader?

a downloader is a program that downloads and installs/executes one or more other instances of malware from the internet...

the downloader is similar in purpose to the dropper - it's a means of getting malware into a machine while bypassing the security checks at the entrance... the difference here is that while the dropper carries the malware inside of itself, the downloader doesn't, so even if a scanner were able to see through all possible ways of hiding a known piece of malware, a new unknown downloader would be able to get past it because the known malware the scanner could have detected wouldn't actually be present yet...

once again, active monitoring and/or sandboxing can mitigate (but not eliminate) the risk posed by this type of malware... once the known malware is downloaded, active monitoring should be able to detect it, and if a downloader tried to download and execute the known malware in a sandboxed environment it should also be detected...
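the two paragraphs above as a small model - this is an added example, not code from the original post... the byte strings, the signature name, the url and the `MonitoredDisk` class are all constructed for illustration, nothing touches the network, and active monitoring is modelled (as an assumption) as a signature scan on every file write...

```python
# constructed stand-in for a known malware body (harmless bytes, not real malware)
KNOWN_BODY = b"<<constructed known-malware body>>"
SIGNATURES = {"known.sample": KNOWN_BODY}  # hypothetical name -> pattern the scanner knows

def scan(data):
    """signature scan: names of every known pattern found in data."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]

# constructed files as they look when they arrive at the entrance
URL = "http://example.invalid/p.bin"                 # constructed, reserved TLD
DROPPER = b"new loader code|" + KNOWN_BODY           # carries the body inside itself
DOWNLOADER = b"new loader code|fetch " + URL.encode()  # the body is somewhere else

# stand-in for the internet: what the downloader's url would return
REMOTE = {URL: KNOWN_BODY}

class MonitoredDisk:
    """active monitoring, modelled as a scan of every write before it lands."""
    def __init__(self):
        self.files = {}
        self.alerts = []

    def write(self, path, data):
        hits = scan(data)
        if hits:
            self.alerts.append((path, hits))  # refuse the write and record why
            return False
        self.files[path] = data
        return True

def simulate_downloader_run(disk):
    """what happens after the downloader got in: fetch the body, save it to run."""
    return disk.write("C:/temp/p.bin", REMOTE[URL])

if __name__ == "__main__":
    print("entrance scan, dropper:   ", scan(DROPPER))
    print("entrance scan, downloader:", scan(DOWNLOADER))
    disk = MonitoredDisk()
    print("payload written:", simulate_downloader_run(disk), "alerts:", disk.alerts)
    # a body with no signature is written without an alert, so the
    # monitor reduces the risk but doesn't remove it
    print("unknown body written:", disk.write("C:/temp/q.bin", b"unknown body"))
```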

just as with droppers, downloaders secretly introduce malware into the system and are thus a type of trojan... unlike droppers, however, the downloader method isn't geared towards hiding anything so it's completely unrelated to stealth - instead it's more like a backdoor for the particular malware it downloads...
