|
Malicious software often intends to do damage over extended periods of time, for example when it:
•attempts to spread across the network •slowly ex-filtrates data •acts as a Trojan horse, waiting for further instructions |
Persistence ensures that the malware survives system reboots, which is especially crucial on workstations. Achieving persistence naturally increases the risk of detection if the infected system is adequately monitored. As such, malware attempts to create persistence with methods that are not easily detected.
Windows-based malware utilizes a number of different techniques to achieve persistence, the most common methods along with detection mechanisms being documented here.
