Dropper

from Wikipedia, the free encyclopedia

A dropper, or virus dropper, is a stand-alone executable program file that serves to release a computer virus, usually for the first time. Computer viruses are not independent executable programs; they only infect other program code parasitically. For this reason, a computer virus needs a special carrier program, the virus dropper, to run for the first time. As such, the dropper is a Trojan horse ("Trojan"). The exceptions are a few droppers that are themselves file viruses but can also drop a boot sector virus. This type of malware is also called a hybrid virus because it combines two types of viruses. A hybrid virus can in turn be released by a Trojan horse acting as a dropper.

As an alternative to using a dropper, many virus programmers simply embed the virus code manually in an executable program or use a tool called a linker. The artificially infected program then serves as a kind of "patient zero" for the spread, and is distributed in various ways.

An anti-virus program's on-access scanner can heuristically detect that new machine code is about to be injected into an executable file, and thus prevent the virus from being sent to the system in question.
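The following sketch is an added example, not part of the original article. It is a simplified offline analogue of such a check rather than an on-access scanner: it records a known-good baseline of program files and later reports which files have gained or changed bytes. The file names and contents are constructed placeholders.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Record size and SHA-256 of every file under root (the known-good baseline)."""
    base = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            base[path] = (len(data), hashlib.sha256(data).hexdigest())
    return base


def classify(path, baseline):
    """Compare one file against the baseline and describe how it changed."""
    with open(path, "rb") as fh:
        data = fh.read()
    if path not in baseline:
        return "new file"
    size, digest = baseline[path]
    if hashlib.sha256(data).hexdigest() == digest:
        return "unchanged"
    # Original bytes still intact at the start, extra bytes after them:
    # the pattern left when foreign code is attached to an existing host file.
    if len(data) > size and hashlib.sha256(data[:size]).hexdigest() == digest:
        return "grown: original content intact, %d bytes appended" % (len(data) - size)
    return "modified in place"


def demo():
    """Constructed sample: three placeholder files, two altered after the baseline."""
    with tempfile.TemporaryDirectory() as root:
        names = ["a.bin", "b.bin", "c.bin"]
        for n in names:
            with open(os.path.join(root, n), "wb") as fh:
                fh.write(b"HOST-PROGRAM-" + n.encode())
        baseline = snapshot(root)
        with open(os.path.join(root, "b.bin"), "ab") as fh:
            fh.write(b"X" * 16)   # constructed stand-in for attached bytes
        with open(os.path.join(root, "c.bin"), "r+b") as fh:
            fh.write(b"ZZZZ")     # overwrite the first four bytes in place
        return {n: classify(os.path.join(root, n), baseline) for n in names}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, "->", verdict)
```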

Another modified type of dropper, which only stores malware in temporary memory, is called an injector. This version is a bit more dangerous because a user cannot notice the malicious code directly.

Droppers are often included in files from file sharing networks and disguise themselves, for example, as no-CD cracks. Since these programs are known to cause false alarms in virus scanners, the chance of a successful infection is significantly higher despite virus protection. A user who has already experienced several false reports from the anti-virus program in this regard might also classify real malware as a false alarm.