Avast WEBforum

Other => General Topics => Topic started by: polonus on December 20, 2005, 06:16:50 PM

Title: Malware does the four E's
Post by: polonus on December 20, 2005, 06:16:50 PM
Hi malware analysts,

Malware does the four E's: Enter - Escalate - Extend - Execute.
Enter - malware may enter via a human operator, removable disks in the boot process, incoming files, downloads, email attachment, autorun, removable disks, data files with auto-executed scripts, hacking. The next phase is:
Escalate - this is about extending the range of possible behaviors from whatever initial beachhead of entering, it is the second nature of malware coders - here the secondary entrance point(s) are opened: system startup axis, application startup, application extensions of aforementioned intrusion points. This is a secondary process that cannot be established without the initial entering.
Extend - is the propagation or spreading from one system to another - not all malware propagates itself - some are one-off attacks, some one-offs in million-fold by email.
Execute - this is the execution of the payload, which may terminate all the other E's.

Always look upon malware in this sequence.

polonus