Windows registry flaw may allow stealth viruses

Posted on Monday, August 29 2005 @ 9:23 CEST by Thomas De Maesschalck
A flaw in how Microsoft Windows handles entries in the registry may be abused by hackers to hide evidence of viruses from most anti-virus and anti-spyware programs.
"Once we started to play with [the vulnerability], the nastiness became apparent: An overly long registry entry can be added, but won't be shown by regedit and regedt32," wrote ISC handler Daniel Wesemann on the group's alert site. "Even better, all registry entries that get added afterward under the same key, even if not overly long, will be hidden as well."

Other security professionals agreed. "This newly-discovered vulnerability can hide other entries in the registry, hiding malicious code 'autorun' entries, for example, behind this long registry key," said Mitchell Ashley, the chief technology officer of Colorado-based StillSecure.
More details at TechWeb

