this post was submitted on 31 May 2024
90 points (97.9% liked)

Cybersecurity

5759 readers
43 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 7 points 6 months ago (1 children)

This is fascinating to me because I was taught not to restart your computer if you suspected malware because restarting it would basically activate it

[–] [email protected] 6 points 6 months ago (2 children)

You can't activate malware by restarting your system. There's no reason why an attacker would wait for a restart to do what they want to do.

What can happen is that restarting doesn't help fix anything related to malware if the malware has been written to gain persistence. It'll edit the registry so that it can run on startup, so restarting your system makes no difference.

[–] [email protected] 8 points 6 months ago

They might be thinking of malware spread on floppy disk or a usb stick. A restarting computer with sus media inserted might have treated them as a boot device back in the day and run the executable code with higher privileges

[–] [email protected] 4 points 6 months ago

It would entirely depend on the design of the malware. If a malware author wanted to chronologically separate infection from detection, doing persistance and then not activating until next reboot wouldnt be unreasonable.

For example, if a user visits a site, and 10 seconds later their PC gets cryptolockered, they can report the site. If they visit a site, and then a hundred others, and then 10 days later their PC reboots and gets cryptolockered, they will have no idea which site did it.