I presume this is to prevent the malware from making an infected binary called profile, which is the Trojan itself?
If so, what's to stop a future attack from using a differently named, or self mutating, file?
Just curious as to how effective this is, given the fact we are talking about root exploits, which can be programmed to overcome most limitations like this.
Or am I missing something here? (reading from my phone so I could have missed a bit of something)