14

I've been looking into the structure of the online criminal underground, which consists of exploit kits, droppers, and malware payloads.

What is the function of the dropper in this pipeline? Why aren't payloads deployed directly by the exploit kit?

Fred Concklin
  • 821
  • 8
  • 15

1 Answers1

18

Droppers are a framework for deploying payloads. This is useful for botnets because the bot master can deploy his botnet without a specific payload, then rent out his network to his customers who provide the payload they want.

Crime-as-a-service. Got to love it.

schroeder
  • 123,438
  • 55
  • 284
  • 319
  • 3
    Droppers are generic and hence can be used to download any other payload to the target system depending upon the campaign for which the botnet is in use at a given time (spam, DDoS etc). Also, droppers are small in size and can be easily adjusted within a small space therefore can be part of a large set of exploits. – void_in Oct 20 '14 at 15:24
  • 2
    If anyone is interested in learning more about this, I'd suggest this coursera class that covers the malware economy, https://www.coursera.org/course/malsoftware – Dave Oct 22 '14 at 18:29