Browse Definitions :
Definition

dropper

A dropper is a small helper program that facilitates the delivery and installation of malware. Spammers and other bad actors use droppers to circumvent the signatures that anti-virus programs use to block or quarantine malicious code. It's much easier to change the dropper, should its signature become recognized, than it would be to rewrite the malicious codebase.

Droppers, like many of their larger Trojan horse counterparts, can be persistent or non-persistent. Non-persistent droppers install malware and then automatically remove themselves. Persistent droppers copy themselves to a hidden file and stay there until they complete the task they were created for.

Droppers can be spread by people who:

  • Open an infected e-mail attachment.
  • Pick up a drive-by download on an infected website.
  • Click on a malicious link in an email or on a website.
  • Using an infected flash drive.

Sometimes droppers are bundled with free utility programs (such as ad blockers) to avoid detection by antivirus software. When the free program executes, the dropper will first download and install malware before it unpacks and installs the legitimate utility.

How droppers hide

Droppers may require user execution but they can also be executed through exploitation of a security vulnerability. Droppers are often disguised and hidden in a computer’s directories (folders), so that although they are visible, they look like valid programs or file types. Sometimes droppers are bundled with free utility programs (such as ad blockers) to avoid detection by antivirus software. When the free program executes, the dropper will first download and install malware before it unpacks and installs the legitimate utility.

Droppers aren't associated with any file extensions, which makes them harder to detect. The software, which essentially acts like a Trojan horse is often used in spear phishing attacks.

Although droppers are traditionally standalone programs, their capabilities are increasingl included as part of a malware package. In late 2014, for example, the FBI reported that malware used in attacks on Sony associated with their movie The Interview came wrapped in an executable dropper that installed itself as a Windows service. Data collected by the 2020 Verizon DBIR shows that nearly 25% of public sector incidents involve a dropper.

Preventing droppers

The Cybersecurity and Infrastructure Security Agency (CISA) recommends users and administrators:

  • Block email attachments that cannot be scanned by antivirus software.
  • Implement a zero-trust strategy.
  • Adhere to the principle of least privilege (POLP).
  • Implement network slicing to segment and segregate networks and functions.

Take a Quiz!

1. Zeus, also known as Zbot, is a popular malware tookit that allows bad actors to build their own _________________.
a. virus signatures
b. Trojan horses
Answer

2. What is a mantrap?
a. a command and control server that issues directives to infected devices.
b. a small room with two doors.
Answer

3. What do you call the programming that's embedded in the persistent memory of your computer keyboard?
a. software driver
b. firmware
Answer

4. What does a backdoor do?
a. helps circumvent a computer's security mechanisms.
b. decouples the the front end of a website from the back end to improve privacy.
Answer

5. Persistent droppers are often used to carry out APT attacks. What does APT stand for?
a. advanced persistent threat
b. automated programming thread
Answer

This was last updated in October 2020

Continue Reading About dropper

Networking
  • firewall as a service (FWaaS)

    Firewall as a service (FWaaS), also known as a cloud firewall, is a service that provides cloud-based network traffic analysis ...

  • private 5G

    Private 5G is a wireless network technology that delivers 5G cellular connectivity for private network use cases.

  • NFVi (network functions virtualization infrastructure)

    NFVi (network functions virtualization infrastructure) encompasses all of the networking hardware and software needed to support ...

Security
  • virus (computer virus)

    A computer virus is a type of malware that attaches itself to a program or file. A virus can replicate and spread across an ...

  • Certified Information Security Manager (CISM)

    Certified Information Security Manager (CISM) is an advanced certification that indicates that an individual possesses the ...

  • cryptography

    Cryptography is a method of protecting information and communications using codes, so that only those for whom the information is...

CIO
  • B2B (business to business)

    B2B (business-to-business) is a type of commerce involving the exchange of products, services or information between businesses, ...

  • return on investment (ROI)

    Return on investment (ROI) is a crucial financial metric investors and businesses use to evaluate an investment's efficiency or ...

  • big data as a service (BDaaS)

    Big data as a service (BDaS) is the delivery of data platforms and tools by a cloud provider to help organizations process, ...

HRSoftware
  • talent acquisition

    Talent acquisition is the strategic process an organization uses to identify, recruit and hire the people it needs to achieve its...

  • human capital management (HCM)

    Human capital management (HCM) is a comprehensive set of practices and tools used for recruiting, managing and developing ...

  • Betterworks

    Betterworks is performance management software that helps workforces and organizations to improve manager effectiveness and ...

Customer Experience
  • martech (marketing technology)

    Martech (marketing technology) refers to the integration of software tools, platforms, and applications designed to streamline ...

  • transactional marketing

    Transactional marketing is a business strategy that focuses on single, point-of-sale transactions.

  • customer profiling

    Customer profiling is the detailed and systematic process of constructing a clear portrait of a company's ideal customer by ...

Close