The purpose of this study was to investigate automatic execution methods in Windows operating systems, as used and abused by malware. Using data extracted from the Web, information on over 10,000 malware specimens was collected and analyzed, and trends were discovered and presented. Correlations were found between these records and a list of known autostart locations for various versions of Windows. All programming was written in PHP, which proved very effective. A full breakdown of the popularity of each method per year was constructed. It was found that the popularity of many methods has varied greatly over the last decade, mostly following operating system releases and security improvements, but with some frightening exceptions.

Library of Congress Subject Headings

Microsoft Windows (Computer file)--Security measures; Malware (Computer software)--Research; Computer security

Publication Date


Document Type


Department, Program, or Center

Department of Computing Security (GCCIS)


Mishra, Sumita

Advisor/Committee Member

Pan, Yin


Note: imported from RIT’s Digital Media Library running on DSpace to RIT Scholar Works. Physical copy available through RIT's The Wallace Library at: QA76.9.A25 G68 2009


RIT – Main Campus