tag:blogger.com,1999:blog-4296897365497731784.post1765945189096583699..comments2023-06-21T22:19:17.736+10:00Comments on stratBLOG - stratsec security research: Flame: msglu32.ocx, Component That Can Track LocationUnknownnoreply@blogger.comBlogger2125tag:blogger.com,1999:blog-4296897365497731784.post-30067262839359880642012-06-01T14:38:24.288+10:002012-06-01T14:38:24.288+10:00The code has references to process/thread enumerat...The code has references to process/thread enumeration and termination APIs (SuspendThread/TerminateThread). If the AV process is protected (it should), then it'll survive the termination.Sergei Shevchenkohttps://www.blogger.com/profile/06381192954708422750noreply@blogger.comtag:blogger.com,1999:blog-4296897365497731784.post-17676382928080125302012-05-31T19:37:15.916+10:002012-05-31T19:37:15.916+10:00Hello
Some of these processes are AVs' ones. ...Hello<br /><br />Some of these processes are AVs' ones. <br />They used to be protected by hooks or callback routines. <br /><br />How this component does to terminate them?tigzy-RKhttps://www.blogger.com/profile/09732073712132941191noreply@blogger.com