Once a target machine is infected, the attacker needs to ensure persistence (the resilience or survivability of his foot-hold in the network). Rootkits and bootkits are commonly installed on compromised machines for this purpose. A rootkit is malware that provides privileged (root-level) access to a computer. A bootkit is a kernel-mode variant of a rootkit, commonly used to attack computers that are protected by full-disk encryption.
Backdoors enable an attacker to bypass normal authentication procedures to gain access to a compromised system. Backdoors are often installed as failover in case other malware is detected and removed from the system. Poison Ivy is one example of a backdoor.
Finally, anti-AV malware may be installed to disable any legitimately installed antivirus software on the compromised machine, thereby preventing automatic detection and removal of malware that is subsequently installed by the attacker. Many anti-AV programs work by infecting the MasterBoot Record (MBR) of a target machine

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.