I published the following diary on isc.sans.org: “Adding Persistence Via Scheduled Tasks”:
Once a computer has been infected by malware, one of the next steps is to maintain persistence. Usually, endpoints (workstations) are primary infection vectors because of how people use them: they browse the Internet, they read emails, they open files. But workstations have a major limitation: they are rebooted often (by policy, as people must turn off their computers when not at the office, or by maintenance tasks like patch installation)… [Read more]