Researcher Reveals 2Step Vista UAC Hack
Short summary:
Researcher Reveals 2Step Vista UAC Hack. The technique uses social engineering to trick the victim into downloading an innocentlooking file ...
Long summary:
Researcher Reveals 2Step Vista UAC HackPage 1Researcher Reveals 2Step Vista UAC HackThe technique uses social engineering to trick the victim into downloading an innocentlooking filethat includes a Trojan horse attack. A Web application developer has uncovered a twostep process (PDF) for exploiting Windows Vista's UserAccount Control essentially by having a Trojan piggyback on what could be a legitimate download. Robert Paveza a senior Web application developer with Terralever a Webbased marketing companybased in Tempe Ariz. published details of the vulnerability in a paper titled "UserPrompted Elevation ofUnintended Code in Windows Vista." Paveza said in the paper that the vulnerability uses a twopart attack vector against a default Vistainstallation. The first step requires that malware called a proxy infection tool be downloaded and runwithout elevation. That software can behave as the victim expects it to while it sets up a second maliciouspayload in the background. "For instance if users believe they are downloading a 'PacMan' clone such a game could be run while themalicious software did its work in the background" Paveza said. He noted that the infection succeeds forall intents and purposes with the installation of the proxy infection tool. "This pattern of infection follows the typical Trojan horse model piggybacking on what may be otherwiselegitimate software" he said. News of the vulnerability first broke May 15. When eWEEK that day contacted Microsoft based inRedmond Wash. a spokesperson said the company is aware of demonstrations that "purport" to show howa Vista system can be attacked. But the spokesperson said the demonstration provided by Paveza is ofactions an attacker can take on a system that already has been compromised by another means. "With this in mind it is important to note that user interaction is required for the initial infection of theTrojan to occur" the spokesperson said. "The user ...
Source: www.physorg.com
Search Terms:
Related
Researcher Reveals 2Step Vista UAC Hack, Researcher Reveals 2Step Vista UAC Hack.
The technique uses social engineering to
trick the victim into downloading an
innocentlooking file ...,
more
Vista Hack Served Directly by Microsoft, Vista Hack Served Directly by Microsoft. A
hack? Yes. But is it illegal? No. With a
combination of the slmgr.vbs rearm command
and resetting the SkipRearm ...,
more
Hack Windows Vista in Reduced Functionality Mode, Hack Windows Vista in Reduced
Functionality Mode. And rearm the
operating system to prolong Initial Grace.
Windows Vista will move into Reduced ...,
more
