Full Disclosure mailing list archives
Re: Next generation malware: Windows Vista's gadget API
From: pgut001 () cs auckland ac nz (Peter Gutmann)
Date: Sun, 16 Sep 2007 00:55:24 +1200
(The original article was cross-posted to a lot of lists; maybe the discussion could be moved to vuln-dev only, unless everyone wants to see all of this stuff).

"Roger A. Grimes" <roger () banneretcs com> writes:

> Yes, this is a "new" attack vector, but it is always game over anyway if I can get you to run my untrusted program. In my testing, installing any Vista sidebar gadget results in a minimum of 3 warnings, each saying that the code being installed could be harmful, before it is installed. 5 warnings if the gadget is unsigned.

No, this is an entirely new level of attack, because it's moved the dancing bunnies problem onto the Windows desktop. The level of warnings is irrelevant: you could have a hundred or a thousand warnings and users would still click through all of them to see the dancing bunnies. I first saw this issue covered at the AVAR conference last year (before Vista had even been released); there's only the abstract online at http://www.aavar.org/avar2006/Program/ericchien.html, but it gives a good idea of what the anti-virus guys are concerned about here. Microsoft's coverage of gadget security at the time, http://blogs.msdn.com/sidebar/archive/2006/08/31/733880.aspx, didn't inspire any more trust in the design.

> It's something to be aware of, because malicious hackers will exploit them,

Given what an incredible attack vector they are (it's pretty much an open invitation to get malware onto PCs), I'm amazed there haven't been any serious exploits yet. I guess the relatively low uptake of Vista (compared to the XP installed base) has meant that they're not a significant target for the malware industry just yet, since it's still more profitable to do a drive-by iframe exploit and hit all OSes than to mount a Vista-only attack.

Peter.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/