In fact there are multiple methods to make the file portion persist across reboots. Some of the ways tried for the POC were:
- Writing beyond the partition boundaries
- Writing in between the partition spaces
Data written there does not get scanned by any of the file system scanners. Nevertheless, there still needs to be a driver that loads the malware's portions from those unreadable locations, and that driver has to exist on the normal file system. By combining the advances in file-less methods with the older, well-known rootkit techniques, it is still possible to create malware that can persist and yet remain undetectable.
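A defender's check for the two persistence locations listed above, added here as an example that is not code from the original post: parse the MBR partition table, compute the sector ranges no partition claims (before the first partition, between partitions, and past the last one), and report any sectors in those ranges that are not all zero. The disk image, its two-partition layout and the bytes planted in the gap are constructed for the demonstration.

```python
import struct

SECTOR = 512

def parse_mbr_partitions(image: bytes):
    """Return (start_lba, size_sectors) for each non-empty MBR primary partition."""
    assert image[510:512] == b"\x55\xaa", "missing MBR boot signature"
    parts = []
    for i in range(4):
        entry = image[446 + 16 * i: 446 + 16 * (i + 1)]
        ptype = entry[4]
        start, size = struct.unpack_from("<II", entry, 8)  # LBA start, sector count
        if ptype != 0 and size != 0:
            parts.append((start, size))
    return sorted(parts)

def unallocated_regions(image: bytes):
    """Yield (start_lba, end_lba) ranges not covered by any partition (end exclusive)."""
    total = len(image) // SECTOR
    cursor = 1  # sector 0 holds the MBR itself
    for start, size in parse_mbr_partitions(image):
        if start > cursor:
            yield (cursor, start)       # gap before this partition
        cursor = max(cursor, start + size)
    if cursor < total:
        yield (cursor, total)           # slack beyond the last partition

def scan_gaps(image: bytes):
    """For each unallocated region, list the sectors that contain non-zero bytes."""
    findings = []
    for start, end in unallocated_regions(image):
        nonzero = [lba for lba in range(start, end)
                   if any(image[lba * SECTOR:(lba + 1) * SECTOR])]
        findings.append({"start_lba": start, "end_lba": end, "nonzero_sectors": nonzero})
    return findings

def build_sample_image():
    """Constructed 1 MiB image: two partitions with a gap between them and slack at the end."""
    total = 2048
    img = bytearray(total * SECTOR)
    def entry(ptype, start, size):
        return bytes([0, 0, 0, 0, ptype, 0, 0, 0]) + struct.pack("<II", start, size)
    table = entry(0x83, 64, 512) + entry(0x83, 1024, 512) + bytes(32)  # two used, two empty
    img[446:510] = table
    img[510:512] = b"\x55\xaa"
    # constructed marker planted in the inter-partition gap (sector 700 lies in 576..1023)
    img[700 * SECTOR: 700 * SECTOR + 16] = b"CONSTRUCTED-DATA"
    return bytes(img)
```

On a real disk the same logic applies to a raw device image; a non-zero sector in an unallocated range is not proof of malware, but it is the location these techniques rely on and the one a file-system-only scanner never visits.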