I have two questions:
1. Problem: I suspect that it may be possible to modify the name of a loaded module, i.e. a process monitor displays "foobar.dll" but it really contains malicious code?
Question: Is this possible? It doesn't seem so far-fetched.
2. About process thread hijacking: is that really something smart? It's not like most processes have a bunch of auxiliary threads lingering about "just in case" they should be necessary. As a coder you create a thread when you need one. As far as I see it, hijacking a thread in the middle of its execution and overwriting it with a payload of your own could result in very unstable code.
Question: Is this really something that is used out there in the wild or is it just theoretical?
Thanks in advance for any replies.