Researchers mislead Windows users with UAC window




Unless users inspect the prompt properly, User Access Control in Windows is no guarantee that malware is not running with administrator rights. Researchers have created malware that can mislead users.

UAC is meant to prevent malware on a Windows system from simply being given administrator access, by requiring users to give permission before programs run at that level. UAC is not watertight, however, unless users inspect UAC windows thoroughly, warn researchers at security company Cylance.

The researchers developed proof-of-concept malware that can mislead users. The malware waits until the user starts a process that needs administrator access, and then uses that same process to perform operations on the system. The attack must be tailored to the process that the user starts. The researchers built examples for two Windows processes, the command-line tool and the program used to edit the registry, but suggest that other processes can be abused as well.

In the case of the command-line tool, the malware waits until the user starts the command-line tool with administrative access, at which point the user is asked for permission for that process. The malware then runs its own code via the command line. A new command-line window is then opened so that the user does not notice.

The attack via the Registry Editor is slightly more complicated: it quietly loads an external .reg file, with which the malware can perform its own registry operations. The malware then opens a new Registry Editor window so the user still gets the window he expected. He does, however, get a UAC window twice.

The Cylance researchers note that this is not a bug in UAC, but a way to abuse how UAC works. Users can protect themselves by carefully inspecting UAC notifications and clicking 'more information', but they then need the technical knowledge to assess that information.
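
The check a user is asked to make by eye in the UAC details can also be run over process-creation records. The following is an added example, not code from Cylance or from the original article: it flags elevated launches of the two tools named above that carry extra arguments, and a second elevated launch of the same tool shortly after the first. The event field names, the 30-second threshold and the sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
import ntpath

WATCHED = {"cmd.exe", "regedit.exe"}   # the two processes the article names
REPEAT_WINDOW = timedelta(seconds=30)  # assumed threshold for "a second window"

def split_args(command_line):
    """Return what follows the executable in a Windows command line."""
    s = command_line.strip()
    if s.startswith('"'):              # quoted executable path
        end = s.find('"', 1)
        return s[end + 1:].strip() if end != -1 else ""
    return s.partition(" ")[2].strip() # unquoted path without spaces

def review(events):
    """Return (time, process, kind, arguments) for each suspicious elevated launch."""
    findings, last_seen = [], {}
    for e in sorted(events, key=lambda x: x["time"]):
        name = ntpath.basename(e["image"]).lower()
        if not e["elevated"] or name not in WATCHED:
            continue
        args = split_args(e["command_line"])
        if args:
            # The user expected a bare tool window; arguments are what the UAC details expose.
            kind = "reg-import" if name == "regedit.exe" and ".reg" in args.lower() else "extra-arguments"
            findings.append((e["time"], name, kind, args))
        prev = last_seen.get(name)
        if prev is not None and e["time"] - prev <= REPEAT_WINDOW:
            # A replacement window opened right after the first elevated launch.
            findings.append((e["time"], name, "repeat-elevation", ""))
        last_seen[name] = e["time"]
    return findings

# Constructed sample events (hypothetical field names, placeholder paths and commands).
T0 = datetime(2015, 1, 1, 10, 0, 0)
CMD, REGEDIT = r"C:\Windows\System32\cmd.exe", r"C:\Windows\regedit.exe"
def event(sec, image, args="", elevated=True):
    return {"time": T0 + timedelta(seconds=sec), "image": image,
            "command_line": f'"{image}" {args}'.strip(), "elevated": elevated}
SAMPLE_EVENTS = [
    event(0, CMD, elevated=False),                      # ordinary, non-elevated shell
    event(60, CMD, "/c placeholder-command"),           # elevated, with unexpected arguments
    event(65, CMD),                                     # replacement window seconds later
    event(600, REGEDIT, r"C:\placeholder\example.reg"), # elevated .reg import
    event(605, REGEDIT),                                # second prompt, expected window
    event(4200, REGEDIT),                               # bare elevated launch, not flagged
]

if __name__ == "__main__":
    for finding in review(SAMPLE_EVENTS):
        print(finding)
```

Legitimate administration also starts these tools elevated with arguments, so the findings are leads to review, not verdicts.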

