Malware attack architecture

Let's take a look at the following five pillars (stages) in the architecture of a malware attack:

  1. Entry Stage: This is the point from where the malware attempts to enter the victim's system. This could be done via a drive-by download or by clicking a link in an e-mail, which could result in a browser hijack that directs the victim to where the attacker wants them to go.
  2. Distribution Stage: The moment the victim connects to a malicious website, the site directs the victim seamlessly to a Traffic Distribution Server (TDS). This determines the victim's OS and browser. A TDS can be quite sophisticated and can filter out connection requests based on the browser type, OS, IP addresses, and other criteria. At this stage, the TDS can be set to drop requests, or redirect them to decoy sites, when they come from known IP addresses of security researchers, antivirus, or malware firms. Requests that meet the preset criteria are directed to the third stage.
  3. Exploit Stage: At this stage, the attacker's objective is to gain undetected access to the victim's computer. Based on the data gleaned about the victim's environment, the exploit kit will identify a vulnerability in the browser or browser plugins and direct the victim to a server running the specific exploit required to compromise their machine and gain a foothold in the system.
  4. Infection Stage: This is the stage where the malicious payload is downloaded to the victim's computer and the system is infected.
  5. Execution Stage: This is the stage where the criminals tend to take advantage of the compromised or exploited system. During this stage, the malware may call home and establish a connection to exfiltrate sensitive data or act as part of a botnet. It may even encrypt a victim's data and attempt to extort money to decrypt it.
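The Entry, Distribution, Exploit and Infection stages above leave a characteristic trace in web proxy logs: one client follows a short chain of HTTP redirects across several unrelated domains and then downloads an executable, all within a few seconds. The following detection script is an added example written for this page, not code from the book's author; it assumes a simplified, constructed proxy log format (timestamp, client IP, HTTP status, response content type, URL) and flags a client whose recent history contains at least two redirects, three or more distinct hosts, and a final executable download inside a 30-second window.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed sample proxy log (not real traffic). Fields:
# <ISO timestamp> <client IP> <HTTP status> <response content type> <URL>
SAMPLE_LOG = """\
2023-01-01T10:00:00 10.0.0.5 200 text/html http://news.example/article
2023-01-01T10:00:01 10.0.0.5 302 text/html http://ads.example/click?id=1
2023-01-01T10:00:02 10.0.0.5 302 text/html http://tds.example/in.cgi
2023-01-01T10:00:03 10.0.0.5 200 text/html http://landing.example/index.php
2023-01-01T10:00:05 10.0.0.5 200 application/x-msdownload http://landing.example/payload.exe
2023-01-01T10:01:00 10.0.0.7 200 text/html http://news.example/article
2023-01-01T10:01:02 10.0.0.7 302 text/html http://shop.example/redirect
2023-01-01T10:01:03 10.0.0.7 200 text/html http://shop.example/cart
"""

# Content types that commonly carry a Windows executable payload (assumption:
# tune this set to the proxy's own content-type labelling).
EXECUTABLE_TYPES = {
    "application/x-msdownload",
    "application/x-dosexec",
    "application/octet-stream",
}
REDIRECT_STATUSES = {301, 302, 303, 307, 308}


def parse_line(line):
    """Split one log line into a record; the URL may contain spaces-free query strings."""
    ts, client, status, ctype, url = line.split(maxsplit=4)
    return {
        "time": datetime.fromisoformat(ts),
        "client": client,
        "status": int(status),
        "ctype": ctype,
        "url": url,
        "host": urlparse(url).hostname,
    }


def find_chains(log_text, window=timedelta(seconds=30), min_redirects=2, min_hosts=3):
    """Return one finding per executable download that was preceded, within
    `window`, by a multi-domain redirect chain from the same client."""
    per_client = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            rec = parse_line(line)
            per_client[rec["client"]].append(rec)

    findings = []
    for client, events in per_client.items():
        events.sort(key=lambda r: r["time"])
        for i, ev in enumerate(events):
            if ev["ctype"] not in EXECUTABLE_TYPES:
                continue  # only an executable download closes a chain
            earliest = ev["time"] - window
            prior = [e for e in events[:i] if e["time"] >= earliest]
            redirects = [e for e in prior if e["status"] in REDIRECT_STATUSES]
            hosts = {e["host"] for e in prior} | {ev["host"]}
            if len(redirects) >= min_redirects and len(hosts) >= min_hosts:
                # Collapse consecutive requests to the same host into one hop.
                hops = []
                for e in prior + [ev]:
                    if not hops or hops[-1] != e["host"]:
                        hops.append(e["host"])
                findings.append({"client": client, "hops": hops, "payload": ev["url"]})
    return findings


if __name__ == "__main__":
    for f in find_chains(SAMPLE_LOG):
        print(f"{f['client']}: {' -> '.join(f['hops'])} => {f['payload']}")
```

In the sample, client 10.0.0.5 is reported (news.example -> ads.example -> tds.example -> landing.example, ending in payload.exe), while 10.0.0.7, whose single redirect stays on one shop domain and never fetches an executable, is not. The thresholds deliberately require both redirects and host diversity, because a lone redirect or a lone executable download is routine traffic; the stage-by-stage chain is what distinguishes an exploit-kit path.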