would have thought that you would want to protect it?

1. To stop others stealing your "bots"
2. To stop anybody/thing messing with it.

Isn't there a bit of confusion here between "installing" a trojan and "running" it subsequently?
Thank you Nihil. Indeed there have been many cases where drone armies (botnets) have been hijacked by competing criminal groups. So as you see, protecting your criminal enterprise is very common, thus, my commentary on the malware sample used in this tutorial.

Now, I have mentioned in published articles, IRC channels, this site, in training classes, basically everywhere I go, that there is no central regulatory group on forensics (as of this writing) and because of this, what one person says is good another may say is bad. In this case, someone felt that the absence of going through ASM registries indicates that something was wrong along with his two inaccurate views on AV engines and malware.

That said, I stand by the information in my tutorial as 100% accurate and best practice, with the absolutely minor technicality of referring to Olly and Softice as hex editors (which they are) instead of a full debugging suite.

I'm done with this. No further comments will be made by me in this thread.

--Th13