MSI's and malware

Discussion in 'malware problems & news' started by graemedb, May 9, 2014.

Thread Status:
Not open for further replies.
  1. graemedb

    graemedb Registered Member

    Joined:
    May 9, 2014
    Posts:
    5
    How come the vast percentage of malware from emails or websites is either .exe or .scr? Never seen a .msi before.

    Any reason?
     
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,057
    Most malware doesn't install itself using Windows Installer. There is no need for that, as there is usually no formal "installation" process for malware. An EXE will run by itself without the need for an installation package.
     
  3. graemedb

    graemedb Registered Member

    Joined:
    May 9, 2014
    Posts:
    5
    Thanks for the reply.

    So, very unlikely an MSI can infect, is that the case?
     
  4. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,057
    It's not the usual way to install malware, but MSI can't be considered a safe file extension. You can also get PUA (toolbars, trialware...) embedded in the installers of other applications.
     
  5. graemedb

    graemedb Registered Member

    Joined:
    May 9, 2014
    Posts:
    5
    As in the main file is an MSI, or embedded in an exe?
     
  6. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,057
    The main file is an MSI. It's an installation package for a legit application. Together with the application there is an embedded PUA. That's how some free applications are distributed to get some money for PUA distribution.
     
  7. graemedb

    graemedb Registered Member

    Joined:
    May 9, 2014
    Posts:
    5
    Like a silly BHO?
    Would either way throw in DLLs also?
     
  8. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,057
    Yes to both.
     
  9. graemedb

    graemedb Registered Member

    Joined:
    May 9, 2014
    Posts:
    5
    Cool, thank you hqsec
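
An added example, not part of the thread: since the extension says little about what a file is, a filter can classify by content instead. `.exe`, `.scr` and `.dll` share the PE `MZ` header, while an MSI is an OLE compound file whose root storage carries the Windows Installer package CLSID. The function names, the hold policy and the sample bytes are constructed for illustration.

```python
import struct
import uuid

PE_MAGIC = b"MZ"                                   # .exe, .scr and .dll all start with this
CFB_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")      # OLE compound file, the container MSI uses
MSI_CLSID = uuid.UUID("000C1084-0000-0000-C000-000000000046")  # Windows Installer package

def classify(data: bytes) -> str:
    """Return 'pe', 'msi', 'ole-other' or 'unknown' from content alone."""
    if data[:2] == PE_MAGIC:
        return "pe"
    if len(data) < 512 or data[:8] != CFB_MAGIC:
        return "unknown"
    (sector_shift,) = struct.unpack_from("<H", data, 30)
    (first_dir_sector,) = struct.unpack_from("<I", data, 48)
    if sector_shift not in (9, 12):                # 512- or 4096-byte sectors only
        return "ole-other"
    # Sector N starts at (N + 1) * sector_size; the root directory entry is
    # first in the directory and carries the storage CLSID at offset 80.
    root = (first_dir_sector + 1) << sector_shift
    clsid = data[root + 80:root + 96]
    if len(clsid) == 16 and uuid.UUID(bytes_le=clsid) == MSI_CLSID:
        return "msi"
    return "ole-other"

def should_hold(data: bytes) -> bool:
    """Hypothetical gateway policy: hold PE and MSI content whatever the name."""
    return classify(data) in ("pe", "msi")

def sample_cfb(clsid: uuid.UUID) -> bytes:
    """Constructed minimal compound-file stub: header plus one directory sector."""
    header = bytearray(512)
    header[:8] = CFB_MAGIC
    struct.pack_into("<H", header, 30, 9)          # sector shift 9 -> 512-byte sectors
    struct.pack_into("<I", header, 48, 0)          # directory starts in sector 0
    directory = bytearray(512)
    directory[80:96] = clsid.bytes_le              # root entry CLSID
    return bytes(header + directory)

# Constructed samples: file names are deliberately misleading.
SAMPLES = {
    "invoice.pdf.scr": b"MZ" + bytes(62),
    "holiday.jpg": sample_cfb(MSI_CLSID),          # MSI renamed to look like an image
    "report.doc": sample_cfb(uuid.UUID(int=0)),    # compound file that is not an MSI
    "notes.txt": b"plain text",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:16} {classify(blob):10} hold={should_hold(blob)}")
```

An `ole-other` result only means the container is not an Installer package; legacy Office documents use the same container and need their own checks.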
     