
kellic May 21 2011, 18:48:01 UTC
*shrugs* Which becomes a nonissue if you aren't running with admin creds, which Windows 7 shouldn't be. I've been running as a power user for the better part of 5 months now and only once have I had to give my account admin rights, because Windows was upchucking on doing something through the normal elevated credentials process. (It was adding a network printer. For some reason the system REFUSES to check Windows Update for a driver without admin rights.)
UAC is a band-aid for people who refuse to take security seriously. *shrugs* IMHO it's better than nothing, and I expect however they are bypassing it will get patched pretty fast by MS... or at least I would hope so, unless it's a massively glaring method of bypassing it.

Oh, PS. It doesn't say what setting UAC was set to either. Since this is coming from an AV company, my assumption is either default or lower, to convince you to buy their app to avoid this. If it was at its highest setting, it pretty much would scream at you for changing icon prefs like it's doing with this. From what I'm seeing from this trojan, it appears to be acting as any normal app would. Read: running an exe (not uncommon), deleting noncritical files a.k.a. shortcuts (again, higher settings on UAC will scream at you for this), changing Windows prefs like the background, running an exe in the task bar to pop up fake status messages, and dropping popup windows on screen to say OMG YOUR HARD DRIVE!!! FAILZ! NAO!! I mean, for all intents and purposes, can't any app on any platform do the above without elevated privileges?

Reply

praecorloth May 21 2011, 19:39:46 UTC
In theory? Yes. But to be able to do it across all user accounts on the system and persist over reboots, no, not even in Windows. Not without installing or inserting itself into the system at some level so that Windows will automatically run the exe on startup. Read: a system-level change that the default level of UAC is supposed to stop.

I can guess a lot of things about the trojan in this particular example. However, a better example is the real one that hit my company a month or two back. That one installed a key logger onto the system, with none of the users hit running as admin.

Reply
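The two points argued above, which UAC level the machine is actually on and whether a given piece of persistence needed admin rights or not, can both be checked directly on the box. The following PowerShell is an added example and not code from either commenter: it reads the documented UAC policy values under `HKLM\...\Policies\System`, reports whether the current token is elevated, and lists autorun entries split by scope. Machine-wide Run keys under HKLM run for every user and need admin rights to write; the HKCU Run keys and the per-user Startup folder run only for the logged-on user and need no elevation at all, which is the distinction praecorloth is drawing. The value meanings in the comments are the documented Windows ones; the key paths are assumed to be present on a Windows 7 or later system.

```powershell
# Added example (not from the thread): show the UAC configuration and list
# autorun entries by whether writing them requires admin rights.

$policy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $policy

# Documented policy values:
#   EnableLUA = 0                  -> UAC disabled entirely ("Never notify")
#   ConsentPromptBehaviorAdmin = 0 -> elevate silently, no prompt
#   ConsentPromptBehaviorAdmin = 2 -> prompt for every elevation ("Always notify")
#   ConsentPromptBehaviorAdmin = 5 -> prompt only for non-Windows binaries (Win7 default)
#   PromptOnSecureDesktop = 1      -> prompt is shown on the secure desktop
[pscustomobject]@{
    EnableLUA                  = $uac.EnableLUA
    ConsentPromptBehaviorAdmin = $uac.ConsentPromptBehaviorAdmin
    PromptOnSecureDesktop      = $uac.PromptOnSecureDesktop
} | Format-List

# Is the shell running this script already elevated?
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]$identity
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
"Current token is elevated: $elevated"

# Machine-wide autorun keys: run for every user, writable only with admin rights.
$machineKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Per-user autorun keys: run only for this account, no elevation needed to write.
$userKeys = @(
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutorunEntries {
    param([string[]]$Keys, [string]$Scope)
    foreach ($key in $Keys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the PSPath/PSParentPath/... metadata that Get-ItemProperty adds;
            # a real value whose name begins with "PS" would be skipped too.
            if ($p.Name -like 'PS*') { continue }
            [pscustomobject]@{ Scope = $Scope; Key = $key; Name = $p.Name; Command = $p.Value }
        }
    }
}

$entries  = @(Get-AutorunEntries -Keys $machineKeys -Scope 'Machine')
$entries += @(Get-AutorunEntries -Keys $userKeys    -Scope 'User')

# The per-user Startup folder is another no-admin-needed persistence point.
$startup = [Environment]::GetFolderPath('Startup')
Get-ChildItem -Path $startup -File -ErrorAction SilentlyContinue | ForEach-Object {
    $entries += [pscustomobject]@{ Scope = 'User'; Key = $startup; Name = $_.Name; Command = $_.FullName }
}

$entries | Sort-Object Scope, Key, Name | Format-Table -AutoSize
```

Run it from a normal, non-elevated shell; the HKLM keys are readable without admin rights, so the listing works either way. An entry in the User scope that points at a binary in the profile directory is exactly the kind of per-user persistence that survives reboots for that one account without ever triggering a UAC prompt, while anything in the Machine scope had to get past UAC (or be written while UAC was off) to land there.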
