Windows Vista's UAC Is No Longer Impregnable
Robert Paveza, an Internet application developer, has come across a fairly interesting and possibly perturbing two-step process that could let malware get around Windows Vista's User Account Control (UAC).
The flaw uses a two-step attack vector to defeat a default Windows Vista installation. First, a malicious program must be downloaded and run quietly. Once run, this program, called a "proxy infection tool", may behave as expected, but it also launches a second-stage malicious payload, making the tool a vital part of the second-stage attack. Ron Bowes of Symantec explains the fundamentals of Paveza's theoretical attack, as ZDNet reported on May 16, 2007.
The attack outlined by the researcher relies on how the Start menu is constructed. A user's Start menu is built from at least two locations: one is the user's own Start menu folder, the other is the global (all-users) folder.
The user runs the proxy infection tool, which writes to the user's Start menu folder and reads from the global Start menu folder without ever requesting elevated permissions. The program then searches the global Start folder for programs that require elevation and creates replicas in the user's folder that point to the malicious program. This is the second stage of the attack.
Later, when the user tries to run a program through the modified shortcut, they see an apparently normal UAC (User Account Control) elevation prompt, and the modified duplicate shortcut runs the desired program as well as the malware chosen by the virus writer, as Techreport reported on May 17, 2007.
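As an added defender-side example (not from the article, Paveza or Symantec), the following PowerShell audit lists per-user Start menu shortcuts that shadow an all-users shortcut of the same relative name but resolve to a different target, which is exactly the residue the duplicated-shortcut stage described above would leave behind. The two Start menu paths are the Vista-and-later defaults and are assumptions.

```powershell
# Added example: audit the per-user Start menu for shortcuts that shadow an
# all-users shortcut of the same name but point at a different target.
# Assumes the default Vista+ Start menu locations (an assumption, not from the article).
$userMenu   = Join-Path $env:APPDATA     'Microsoft\Windows\Start Menu\Programs'
$globalMenu = Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs'
$shell = New-Object -ComObject WScript.Shell

# Map each shortcut's path relative to $root (lower-cased) to its resolved target.
function Get-ShortcutTargets([string]$root) {
    $map = @{}
    Get-ChildItem -Path $root -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $rel = $_.FullName.Substring($root.Length).TrimStart('\')
            $map[$rel.ToLowerInvariant()] = $shell.CreateShortcut($_.FullName).TargetPath
        }
    return $map
}

$globalTargets = Get-ShortcutTargets $globalMenu
$userTargets   = Get-ShortcutTargets $userMenu

# A per-user shortcut with the same name as a global one, but a different target,
# is the pattern to review: it will be shown in place of the global entry.
foreach ($rel in $userTargets.Keys) {
    if ($globalTargets.ContainsKey($rel) -and ($userTargets[$rel] -ne $globalTargets[$rel])) {
        [PSCustomObject]@{
            Shortcut     = $rel
            GlobalTarget = $globalTargets[$rel]
            UserTarget   = $userTargets[$rel]
        }
    }
}
```

Any row the script prints deserves a look at the UserTarget path and its file hash before the shortcut is trusted; run it under the affected user account, since $env:APPDATA is per-user.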
According to Paveza, the design of the Windows user interface does not offer a workable fix for this vulnerability; however, he recommends minor changes to the UAC mechanism so that the end user can be given a clue that such an attack is under way.
However, when asked by eWeek for a response, Microsoft did not appear too worried, pointing out that the flaw requires a user to first download a malicious executable, and only then can the machine be compromised by a Trojan horse, through social engineering or other means.
According to Dennis Fisher, a Microsoft columnist, "this can cause serious harm if executed successfully," as ZDNet reported on May 16, 2007.
SPAMfighter News - 23-05-2007