At Shmoocon 2013, Jake Williams and Mark Baggett presented a talk on techniques for malware persistence.
We all know the correct course of action for an infected computer is to wipe it and start over. But when it comes down to it, we ignore that advice and attempt to clean it instead. The reasons for this are many: the need to play superhero; boredom (if you haven't been cleaning computers lately, it sounds more challenging than the usual routine); and pressure from the business (or from the family member), who doesn't want to reload everything and may not even have the install media.
Which costs the business more downtime: waiting for a system reload, or having the system reinfected?
When even the average tech might think that Malwarebytes is enough, it's hard to convince the business to just wipe the drive. And sometimes it's hard to convince ourselves. Wiping the drive isn't a personal failing, and this talk from Shmoocon attempts to convince you of that by outlining re-infection techniques you may not have thought of. Autoruns, msconfig and HijackThis aren't the beginning and the end of how malware may return to your machine.
The slides are available at www.wipethedrive.com. It's a good talk, and the slides are worth checking out.