Windows registry flaw may allow stealth viruses

Posted on Monday, August 29 2005 @ 9:23 CEST by Thomas De Maesschalck
A flaw in how Microsoft Windows handles registry entries may be abused by hackers to hide evidence of viruses from most anti-virus and anti-spyware programs.
"Once we started to play with [the vulnerability], the nastiness became apparent: An overly long registry entry can be added, but won't be shown by regedit and regedt32," wrote ISC handler Daniel Wesemann on the group's alert site. "Even better, all registry entries that get added afterward under the same key, even if not overly long, will be hidden as well."

Other security professionals agreed. "This newly-discovered vulnerability can hide other entries in the registry, hiding malicious code 'autorun' entries, for example, behind this long registry key," said Mitchell Ashley, the chief technology officer of Colorado-based StillSecure.
More details at TechWeb



