Possessing Computers Through Spelling Mistakes
Symantec researchers have identified a simple attack technique, already in use by hackers, that breaks protections and security to gain access to Linux- and UNIX-based computers.
According to news published by InfoWorld on May 29, 2007, Ron Bowes, a Symantec Security Response researcher, described a threat that allows hackers to carry on their work on computers, and he called it "a work of art of the whole concept of 'user separation'".
The technique raises the same issues that Bowes had recently discussed in another posting about User Account Control (UAC) and Microsoft's Vista OS's anti-virus privilege-escalation technology.
It all comes down to how the Start menu is constructed, which Bowes discussed a few days earlier. A user's Start menu is built from two locations: the first is the user's own Start menu and the second is the global one.
The malicious program, which is run by the user, reads from the global Start menu and writes to the user's Start menu without asking for any prior permission. In the second stage of the attack, the program searches the global Start menu for programs that need elevation and makes duplicates of their shortcuts, carrying malicious code, in the user's folder.
The next time the user tries to run a program whose shortcut has been changed, the duplicated shortcut runs both the requested program and malware of the virus writer's choice, and the user is presented with a normal UAC elevation window.
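A defender can check for the shortcut duplication described above by listing per-user Start menu shortcuts that share a name with a global one. The Python sketch below is an added example, not code from Bowes or Symantec; its function names and sample shortcut files are constructed for illustration, and a byte comparison stands in for parsing each shortcut's target.

```python
import os
import tempfile

def shortcut_index(root):
    """Map the lower-cased relative path of every .lnk under root to its full path."""
    index = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".lnk"):
                full = os.path.join(dirpath, name)
                index[os.path.relpath(full, root).lower()] = full
    return index

def read_bytes(path):
    with open(path, "rb") as fh:
        return fh.read()

def find_shadowed_shortcuts(user_menu, global_menu):
    """Return (relative name, user path, global path, differs) for each per-user
    shortcut that has the same relative name as a global one. differs is True
    when the two files are not byte-identical, the case worth reviewing first."""
    user, shared = shortcut_index(user_menu), shortcut_index(global_menu)
    return [(rel, user[rel], shared[rel],
             read_bytes(user[rel]) != read_bytes(shared[rel]))
            for rel in sorted(user.keys() & shared.keys())]

def build_sample_menus(base):
    """Create constructed sample menus under base (placeholder bytes, not real .lnk data)."""
    layout = {
        "global": {"Programs/Setup Tool.lnk": b"GLOBAL-A", "Programs/Editor.lnk": b"GLOBAL-B"},
        "user": {"Programs/Setup Tool.lnk": b"USER-COPY", "Programs/My Notes.lnk": b"USER-C"},
    }
    for menu, files in layout.items():
        for rel, data in files.items():
            path = os.path.join(base, menu, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
    return os.path.join(base, "user"), os.path.join(base, "global")

if __name__ == "__main__":
    # On Vista the real inputs would typically be the per-user and all-users
    # "Start Menu" folders; here the constructed sample is scanned instead.
    with tempfile.TemporaryDirectory() as base:
        for rel, user_path, _global_path, differs in find_shadowed_shortcuts(*build_sample_menus(base)):
            print(("REVIEW " if differs else "same   ") + rel + " -> " + user_path)
```

A per-user shortcut that duplicates a global name but differs in content is the entry to inspect by hand, since a legitimate installer rarely places the same shortcut in both menus.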
Bowes said that there are endless names that might be destroyed in this manner, although he mentioned some examples for Windows users.
According to the news published by InfoWorld on May 29, 2007, if a regular account runs a malicious program, the program can't install itself in a system-wide directory. If, on a typical UNIX-based OS, a user-level program can write to the user's home folder, the temporary files directory, and a few other safe places, then a harmful program can't harm other systems or users.
» SPAMfighter News - 08-06-2007