Malware is software that the owner/user of the computer system does not install himself. Malware typically enters the computer system without the knowledge of the user—generally via the network interface and sometimes through software or other digital data stored on removable media such as a CD-ROM or USB pen-drive. The intent of malicious software is to damage the user's system by deleting important data or deleting important operating system and application executable files rendering the infected system unable to operate. If user data (such as photos, emails, documents) are deleted and the user does not have a backup of the lost data, that user data may never be recovered. If operating system or application files are deleted, the system may be recovered by re-installing the damaged or deleted software. In either case, malware causes significant damage in terms of loss of productivity as well as user data. Malware is becoming more dangerous in that the software may not noticeably damage the system but rather remains hidden (deleting important files would immediately alert the user to the presence of the malware) and attempts to steal important information such as credit card numbers, usernames and passwords, and so on.
Malware typically enters the system via the internet (i.e., via the network interface). Upon entering the system, malware first attempts to become ‘resident’ on the system by writing a copy of malware system files to the secondary storage or hard disk drive of the system. Once a copy is made in persistent storage, the malicious software remains on the computer system until the malicious software is found and deleted (which is what most anti-virus software does). However, becoming persistent on the platform does not guarantee that the malicious software will be activated (or loaded) if the computer is rebooted. To ensure boot-time activation in addition to becoming persistent, the malicious software inserts commands into the startup (or boot) sequence of the computer. Once this is successfully accomplished, the malicious software is re-activated every time the computer is switched on, surviving reboots/power-cycles.
Malware ‘hook’ into the boot sequence of the system by modifying or ‘attaching’ malware software files and/or commands to operating system executable files that are always loaded and activated during the OS boot process. An alternative, frequently used technique is for malware to modify system configuration files that control the boot processes by listing the malware files as ‘legitimate’ system files to be loaded at boot time. Once these operating system executable files and/or system configuration files are corrupted, malware can establish an environment in which protections normally provided by the operating system are circumvented.