What can a service do on Windows?

What kind of malware/spyware could someone put into a service that doesn’t have its own process on Windows? I mean services that use svchost.exe, for example.

Could a service spy on my keyboard input? Take screenshots? Send/receive data over the internet? Infect other processes or files? Delete files? Kill processes?

Answer

What is a service?

A service is an application, no more, no less. The advantage is that a service can run without a user session. This allows things like databases, backups, the ability to log in, etc. to run when needed and without a user logged in.

What is svchost?

According to Microsoft: “svchost.exe is a generic host process name for services that run from dynamic-link libraries”. Could we have that in English please?

Some time ago, Microsoft started moving all of the functionality from internal Windows services into .dll files instead of .exe files. From a programming perspective this makes more sense for reusability… but the problem is that you can’t launch a .dll file directly from Windows, it has to be loaded up from a running executable (.exe). Thus the svchost.exe process was born.

So, essentially a service which uses svchost is just calling a .dll and can do pretty much anything with the right credentials and/or permissions.

If I remember correctly, there are viruses and other malware that do hide behind the svchost process, or name the executable svchost.exe to avoid detection.

Attribution
Source: Link, Question Author: Forivin, Answer Author: Community
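
A read-only PowerShell audit of the two points in the answer (services hosted by svchost.exe are really DLLs running under some account, and malware may name its own executable svchost.exe), added here as an example and not part of the original answer. It assumes an elevated prompt and the standard `HKLM:\SYSTEM\CurrentControlSet\Services` registry layout.

```powershell
# Added example: audit svchost.exe processes and the DLLs their services load.
# Read-only; run elevated so ExecutablePath is visible for all processes.
$sysDirs = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")

# 1. A process named svchost.exe that runs from outside the system
#    directories is an impostor using the name for cover.
Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $dir = if ($_.ExecutablePath) { Split-Path $_.ExecutablePath -Parent } else { $null }
    if ($dir -and ($sysDirs -notcontains $dir)) {   # -notcontains ignores case
        [pscustomobject]@{
            Finding   = 'svchost.exe outside system directory'
            ProcessId = $_.ProcessId
            Path      = $_.ExecutablePath
        }
    }
}

# 2. For every service hosted by svchost.exe, resolve the DLL it actually runs,
#    the account it runs as, and whether that DLL carries a valid signature.
Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -match '\\svchost\.exe' } |
    ForEach-Object {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($_.Name)"
        # ServiceDll normally lives under Parameters; fall back to the service key.
        $dll = (Get-ItemProperty "$key\Parameters" -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
        if (-not $dll) {
            $dll = (Get-ItemProperty $key -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
        }
        if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll) }

        $sig = if ($dll -and (Test-Path -LiteralPath $dll)) {
            (Get-AuthenticodeSignature -LiteralPath $dll).Status
        } else { 'NotFound' }

        [pscustomobject]@{
            Service    = $_.Name
            ProcessId  = $_.ProcessId
            Account    = $_.StartName   # the credentials the DLL's code runs with
            ServiceDll = $dll
            Signature  = $sig
        }
    } | Sort-Object Signature, Service | Format-Table -AutoSize
```

A `Signature` value other than `Valid`, or a `ServiceDll` path outside the Windows directory, is a reason to look more closely at that service rather than proof of compromise.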
