A dropper is a program that has been designed to “install” malware on a target system. The malware code can be contained within the dropper itself (single-stage), packaged in such a way as to avoid detection by virus scanners, or the dropper may download the malware to the target machine once it is activated (two-stage). Anti-malware solutions defend against malware attacks either by actively identifying the potential presence of malware at the earliest possible time, or by a more passive approach of periodically scanning a computer system for the presence of malware. However, malware is constantly being developed, with different ways of making it more difficult to identify, and therefore such solutions do not hermetically prevent potential malware from being installed on a computer system, in particular by a malware dropper.
Once malware has been installed, it often evades detection by stealth. Malware also evades removal by being so complicated that it is difficult to remove all traces of it from an infected computer system.
The art constantly seeks new and improved ways to fight malware, but it seems that no solutions exist to date to identify the potential presence of a malware dropper on an infected machine, especially when the original dropper has deleted itself.
It is an object of the present invention to provide a method and system which is capable of obtaining dropper samples that can be studied and analyzed (offline) in order to develop specific antidotes.
It is another object of the present invention to provide a method and system that overcomes the shortcomings of existing anti-malware solutions and is capable of facilitating malware detection/prevention, because it provides a way to obtain malware samples.
Other objects and advantages of the invention will become apparent as the description proceeds.