With few exceptions (notably the SQL Slammer and Code Red worms), almost every malware program programmatically exploits Windows to ensure its continued survival. Table 1-1 contains the most extensive listing in any publication of where malware can hide in a Windows system. In summary, malware tries to use applications, files, folders, registry keys, and other mechanisms that are automatically executed when Windows (or another common program) starts. The lessons in the remaining chapters are based upon defending Windows computers against these common malware exploitation techniques.
New exploit methods are added every month. Go to www.wrox.com to get an updated list.
If you felt this comprehensive list was overwhelming, you can find some comfort in the fact that almost all automated malware hides in the HKLM\Software\Microsoft\Windows\CurrentVersion\Run registry key. If you suspect a malware program, go there first, but Table 1-1 will help you locate malware when that particular registry key does not reveal the rogue program.
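A quick triage of that key, as an added PowerShell example that is not from the book: it lists each value under the Run key, resolves the program it launches, and reports that file's Authenticode status and SHA-256 hash. The helper name Get-CommandExecutable and its path-parsing heuristic are assumptions made for illustration.

```powershell
# Added example: inventory the autostart entries in the Run key named above.
$runKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'

# Hypothetical helper: extract the program path from a Run-key command line.
function Get-CommandExecutable {
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }   # quoted path
    # Unquoted path, possibly containing spaces, ending at a known extension.
    if ($cmd -match '^(.+?\.(exe|com|bat|cmd|scr))(\s|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

$key = Get-Item -LiteralPath $runKey
$entries = foreach ($name in $key.GetValueNames()) {
    $command = [string]$key.GetValue($name)
    $exe = Get-CommandExecutable $command
    # Bare names such as "rundll32.exe" are resolved through the search path.
    if ($exe -and -not [IO.Path]::IsPathRooted($exe)) {
        $found = Get-Command $exe -CommandType Application -ErrorAction SilentlyContinue |
            Select-Object -First 1
        if ($found) { $exe = $found.Path }
    }
    $exists = [bool]$exe -and (Test-Path -LiteralPath $exe -PathType Leaf)
    [pscustomobject]@{
        Name      = $name
        Command   = $command   # full command line, including any DLL or script argument
        Signature = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $exe).Status.ToString() } else { 'FileNotFound' }
        SHA256    = if ($exists) { (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash } else { $null }
    }
}

# Entries whose program is unsigned, tampered with or missing sort to the top.
$entries | Sort-Object { $_.Signature -eq 'Valid' }, Name | Format-List
```

A Valid signature only narrows the search; compare the Command column against the software you expect to start on that machine.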