It's a pretty well-known trick that malware can name itself svchost and be disguised among the dozens of legit svchosts. However, the solution is to right-click on a process -> Open file location, and if the svchost isn't in System32, then it's likely a problem. My question is whether Open file location will always lead to the truth. Would it be possible for a malicious "svchost" that's NOT located in System32 to open that System32 folder (instead of where the malware actually is) when Open file location is clicked?
from hacking: security in practice https://ift.tt/JGeWvUt
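
The path check described in the post, applied to every running svchost.exe at once, as an added PowerShell example that is not part of the original post. It reads the executable path reported for each process through Win32_Process and compares it with the System32 location; the output column names are chosen for this example.

```powershell
# Added example: compare each svchost.exe process's reported image path
# with the expected System32 location. Run elevated, otherwise
# ExecutablePath is empty for processes owned by other accounts.

# Resolve the expected path from the environment instead of hard-coding C:\Windows.
$expected = Join-Path $env:SystemRoot 'System32\svchost.exe'

Get-CimInstance -ClassName Win32_Process -Filter "Name = 'svchost.exe'" |
    ForEach-Object {
        $path = $_.ExecutablePath

        # Classify the process by where its image lives on disk.
        $pathCheck = 'UnexpectedPath'
        if (-not $path) {
            $pathCheck = 'PathUnavailable'      # could not be read, not proof of anything
        } elseif ($path -ieq $expected) {
            $pathCheck = 'ExpectedPath'
        }

        # Signature status of the file at that path, as a second data point.
        $signature = $null
        if ($path) {
            $signature = (Get-AuthenticodeSignature -FilePath $path).Status
        }

        [pscustomobject]@{
            ProcessId       = $_.ProcessId
            ParentProcessId = $_.ParentProcessId
            Path            = $path
            PathCheck       = $pathCheck
            Signature       = $signature
        }
    } |
    Sort-Object -Property PathCheck -Descending |
    Format-Table -AutoSize
```

Rows marked UnexpectedPath sort to the top and are the ones to review; PathUnavailable rows need a re-run from an elevated session before drawing a conclusion.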