System reconfiguration malware makes sure that a specific value is set within the configuration of an application. For example, it can set the proxy server entry in the Microsoft Windows system registry so that Internet Explorer sends its web requests to an attacker's intercepting web proxy server (see the following subchapter “Proxy reconfiguration”).
Malware that modifies a target system's configuration typically runs in the background and makes sure the changes stay in place permanently. It does this by observing the configuration value; if the value is reset, the malware assigns its own value again. To be less noisy, the malware can instead modify the configuration once, stop afterwards and delete itself.
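The watch-and-reassign behaviour described above leaves a recognisable trace in registry-write telemetry: the same data is written back within seconds of every reset. The following detection logic is an added example, not part of the original text; the event tuples, process names, the `OTHER` value and the thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer"
OTHER = r"HKCU\Software\ExampleApp\Theme"  # hypothetical unrelated value

# Constructed sample events: (timestamp, registry value, data written, writing process).
EVENTS = [
    ("2024-01-01T10:00:00", KEY, "203.0.113.5:8080", "updater.exe"),
    ("2024-01-01T10:05:00", KEY, "", "admin_tool.exe"),               # cleanup
    ("2024-01-01T10:05:02", KEY, "203.0.113.5:8080", "updater.exe"),  # written back
    ("2024-01-01T11:00:00", KEY, "", "admin_tool.exe"),
    ("2024-01-01T11:00:01", KEY, "203.0.113.5:8080", "updater.exe"),
    ("2024-01-01T12:00:00", OTHER, "dark", "exampleapp.exe"),
    ("2024-01-01T12:30:00", OTHER, "light", "exampleapp.exe"),
]


def find_reasserted_values(events, window=timedelta(seconds=10), min_reverts=2):
    """Return (value, data, process, count) for data that is repeatedly
    written back shortly after another process changed it."""
    history = defaultdict(list)
    for ts, key, data, proc in sorted(events):  # ISO timestamps sort by time
        history[key].append((datetime.fromisoformat(ts), data, proc))

    findings = []
    for key, writes in history.items():
        counts = defaultdict(int)
        # Slide over consecutive writes: before -> change -> after.
        for before, change, after in zip(writes, writes[1:], writes[2:]):
            restored = after[1] == before[1] and change[1] != before[1]
            quick = after[0] - change[0] <= window
            other_writer = after[2] != change[2]
            if restored and quick and other_writer:
                counts[(after[1], after[2])] += 1
        findings += [(key, data, proc, n)
                     for (data, proc), n in counts.items() if n >= min_reverts]
    return findings


if __name__ == "__main__":
    for key, data, proc, n in find_reasserted_values(EVENTS):
        print(f"{proc} restored {key} = {data!r} {n} times after a reset")
```

The one-shot variant, which modifies the value once and then deletes itself, produces a single write and is not caught by this heuristic; it has to be found by comparing the value against a known-good baseline.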
In the following chapters I will describe typical examples of system reconfiguration that attackers use and the benefit they gain from doing so.