🔄 Malware Infection Lifecycle
Learn how malware moves from delivery to execution, persistence, evasion, and accomplishing its objectives.
🚨 Security Incident
An employee clicks a phishing email attachment.
Nothing appears to happen.
Hours later:
- Credentials are stolen
- Files are accessed
- Security alerts trigger
The attack actually began long before anyone noticed.
📖 The Malware Lifecycle
📨 Delivery
⬇️ ⚙️ Execution
⬇️ 📌 Persistence
⬇️ 🥷 Evasion
⬇️ 🎯 Action On Objectives
⬇️ 📡 Communication
Most malware families follow a variation of this process.
📨 Stage 1: Delivery
The malware must reach the target.
Common delivery methods:
- Phishing emails
- Malicious attachments
- Compromised websites
- Fake software downloads
- USB devices
Without delivery, the attack never begins.
⚙️ Stage 2: Execution
The malware must run.
Execution often occurs when:
- A file is opened
- An application is launched
- A script runs
- A vulnerable application processes data
Execution is where many security tools attempt to intervene.
📌 Stage 3: Persistence
Attackers rarely want access for only a few minutes.
Persistence allows malware to survive:
- Reboots
- Logouts
- System restarts
Long-term access often means greater damage.
🥷 Stage 4: Evasion
Malware attempts to avoid detection by:
- Hiding files
- Masking activity
- Avoiding analysis environments
- Disabling security tools
Modern malware often spends significant effort avoiding visibility.
🎯 Stage 5: Action On Objectives
This is why the malware exists.
Examples include:
- Data theft
- Credential theft
- File encryption
- Espionage
- System disruption
Everything before this stage supports the final objective.
📡 Stage 6: Communication
Many malware families communicate externally.
This may be used to:
- Receive instructions
- Upload stolen data
- Download updates
- Report infection status
Security teams often monitor unusual communications for detection opportunities.
🛠 Detection Opportunities
| Stage | Possible Detection |
| --- | --- |
| Delivery | Email Security |
| Execution | Endpoint Protection |
| Persistence | System Monitoring |
| Evasion | Threat Hunting |
| Objectives | DLP & Alerts |
| Communication | Network Monitoring |
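As an added example (not code from the original page), the small Python triage script below runs toy detection rules over constructed Sysmon-style events and labels each hit with a lifecycle stage from the table above: an Office application spawning a script host (Execution), a value written under a Run/RunOnce key (Persistence), and a script host connecting outside the internal ranges (Communication). Field names follow Sysmon's own conventions (EventID, Image, ParentImage, TargetObject, DestinationIp), but every event value, the process lists and the internal-network list are assumptions made for this example and are not real indicators of compromise.

```python
"""Added example: map constructed Sysmon-style events onto malware lifecycle
stages. Field names follow Sysmon conventions; all values are constructed."""
from dataclasses import dataclass
import ipaddress


@dataclass
class Event:
    event_id: int            # Sysmon EventID: 1 process create, 3 network, 13 registry set
    fields: dict[str, str]   # subset of the event's fields, as strings


# Assumed lists for the toy rules (not from the page); tune them to your estate.
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "mshta.exe"}
RUN_KEYS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def basename(path: str) -> str:
    """Return the lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_external(ip: str) -> bool:
    """True when the address parses and lies outside the assumed internal ranges."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return not any(addr in net for net in INTERNAL_NETS)


def classify(event: Event) -> list[tuple[str, str]]:
    """Return (stage, reason) pairs for one event; empty list if nothing matched."""
    f = event.fields
    hits: list[tuple[str, str]] = []
    if event.event_id == 1:
        parent, child = basename(f.get("ParentImage", "")), basename(f.get("Image", ""))
        # Execution: an Office document spawning a script host is a classic
        # sign that an opened attachment ran code.
        if parent in OFFICE_APPS and child in SCRIPT_HOSTS:
            hits.append(("Execution", f"{parent} spawned {child}"))
    elif event.event_id == 13:
        target = f.get("TargetObject", "")
        # Persistence: a value under a Run/RunOnce key survives reboots and logouts.
        if any(key in target.lower() for key in RUN_KEYS):
            hits.append(("Persistence", f"autorun value set: {target}"))
    elif event.event_id == 3:
        image, ip = basename(f.get("Image", "")), f.get("DestinationIp", "")
        # Communication: a script host talking to a non-internal address.
        if image in SCRIPT_HOSTS and is_external(ip):
            hits.append(("Communication", f"{image} -> {ip}:{f.get('DestinationPort', '?')}"))
    return hits


def triage(events: list[Event]) -> dict[str, list[str]]:
    """Group reasons by lifecycle stage across a batch of events."""
    stages: dict[str, list[str]] = {}
    for event in events:
        for stage, reason in classify(event):
            stages.setdefault(stage, []).append(reason)
    return stages


# Constructed sample: one phishing-attachment scenario plus two benign events.
SAMPLE_EVENTS = [
    Event(1, {"ParentImage": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
              "Image": r"C:\Windows\System32\wscript.exe",
              "CommandLine": "wscript.exe invoice.js"}),
    Event(13, {"TargetObject": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\Updater"}),
    Event(3, {"Image": r"C:\Windows\System32\wscript.exe",
              "DestinationIp": "203.0.113.10", "DestinationPort": "443"}),
    Event(1, {"ParentImage": r"C:\Windows\explorer.exe",
              "Image": r"C:\Windows\System32\notepad.exe",
              "CommandLine": "notepad.exe"}),
    Event(3, {"Image": r"C:\Windows\System32\svchost.exe",
              "DestinationIp": "10.0.0.5", "DestinationPort": "445"}),
]

if __name__ == "__main__":
    for stage, reasons in triage(SAMPLE_EVENTS).items():
        print(f"{stage:14} {'; '.join(reasons)}")
```

Each rule on its own is noisy; the value of the lifecycle view is that hits from different stages on the same host within a short window (here Execution, then Persistence, then Communication) are far stronger evidence than any single alert, which is what the "Break The Lifecycle" lesson below relies on.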
🛠 Security Analyst Toolkit
- Wireshark
- Sysmon
- Process Explorer
- Autoruns
- Windows Event Viewer
- EDR Platforms
These tools help investigators identify lifecycle activity.
🎓 CEH Exam Focus
Understand:
- Malware stages
- Infection vectors
- Persistence concepts
- Evasion concepts
- Indicators of compromise
These concepts appear frequently throughout malware-related topics.
🏆 Key Lesson
Malware attacks are rarely a single event.
They are a sequence of stages.
Break The Lifecycle
Stop The Attack