Data destruction is an anti-forensic technique where data is deleted to limit the amount of forensic evidence left on a system. One data destruction anti-forensic technique leveraged by malware is the self-deleting dropper or downloader. The use of this technique can be seen in the Damballa paper Behind Today's Crimeware Installation Lifecycle: How Advanced Malware Morphs to Remain Stealthy and Persistent, which outlines the malware installation lifecycle. In Windows, a running program cannot delete its own executable, so malware has to use other avenues to accomplish this. The article Self-deleting Executables: Techniques which allow an executable file to delete itself whilst running goes into detail about these avenues, while the article ZeroAccess's Way of Self-Deletion discusses another one. A common avenue used by malware to limit the available forensic evidence is the self-deleting batch file method.
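As an added triage example (not code from the post or the cited papers), the following Python helper flags batch files that show the self-deleting pattern the post describes: a delete retried in a label/goto loop until the dropper is gone, followed by the script deleting itself. The sample batch text and the path in it are constructed for illustration; the indicator names are assumptions of this example.

```python
"""Triage helper: flag batch scripts that exhibit the self-deleting dropper pattern."""
import re

# Constructed sample of the classic pattern (illustrative, not from any specific sample):
# retry the delete until the executable is gone, then remove the batch file itself.
SAMPLE_BAT = """@echo off
:repeat
del "C:\\Users\\victim\\AppData\\Local\\Temp\\dropper.exe"
if exist "C:\\Users\\victim\\AppData\\Local\\Temp\\dropper.exe" goto repeat
del %0
"""

# A label line such as ":repeat"
LABEL_RE = re.compile(r"^\s*:(\w+)\s*$", re.IGNORECASE | re.MULTILINE)
# A jump such as "goto repeat" or "goto :repeat"
GOTO_RE = re.compile(r"\bgoto\s+:?(\w+)", re.IGNORECASE)
# "del" / "erase", optional switches, then the (optionally quoted) target
DEL_RE = re.compile(
    r"\b(?:del|erase)\s+(?:/[a-z]\s+)*\"?([^\"\r\n]+?)\"?\s*$",
    re.IGNORECASE | re.MULTILINE,
)
# Ways a batch script refers to its own path
SELF_REFS = ("%0", "%~0", "%~f0", "%~dp0%~nx0")


def _is_self_ref(target):
    """True when a delete target refers to the batch file itself."""
    t = target.lower()
    return any(ref.lower() in t for ref in SELF_REFS)


def analyze_batch(text):
    """Return indicators for the self-deleting batch pattern in the given script text."""
    labels = {m.group(1).lower() for m in LABEL_RE.finditer(text)}
    gotos = {m.group(1).lower() for m in GOTO_RE.finditer(text)}
    deletes = [m.group(1).strip() for m in DEL_RE.finditer(text)]
    retry_loop = bool(labels & gotos) and bool(deletes)   # a delete inside a label/goto loop
    self_delete = any(_is_self_ref(d) for d in deletes)    # the script removes itself
    targets = [d for d in deletes if not _is_self_ref(d)]  # files it tried to destroy
    return {
        "retry_loop": retry_loop,
        "self_delete": self_delete,
        "deleted_targets": targets,
        "self_deleting_dropper": retry_loop and self_delete,
    }
```

Because the script is normally gone by the time of acquisition, this check is most useful on batch files recovered from unallocated space, volume shadow copies or the USN journal, where the recovered target paths tell you which executable the dropper was covering for.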