Microsoft SolarWinds analysis: Attackers hid inside Windows systems by wearing the skins of legit processes

TonyJ Silver badge

Re: What?

Not sure about that - if you install, say, McAfee (don't... but I've worked at places that still use that abomination), it's then locked down to the extent that removing it or stopping its processes requires a specific account.

Mangling the registry can require elevated rights and I'd have assumed (perhaps incorrectly) that this should be the case and you shouldn't be able to take ownership of the keys without again providing elevated credentials.

Which suggests to me (again I could be wrong) that the core compromised processes that spawned the attack were being run with elevated rights.


Biting the hand that feeds IT © 1998–2021