Information Security News mailing list archives
Researcher finds simple way of backdooring Windows PCs and nobody notices for ten months
From: InfoSec News <alerts () infosecnews org>
Date: Thu, 18 Oct 2018 06:32:45 +0000 (UTC)
https://www.zdnet.com/article/researcher-finds-simple-way-of-backdooring-windows-pcs-and-nobody-notices-for-ten-months/ By Catalin Cimpanu Zero Day ZDNet October 17, 2018A security researcher from Colombia has found a way of gaining admin rights and boot persistence on Windows PCs that's simple to execute and hard to stop --all the features that hackers and malware authors are looking for from an exploitation technique.
What's more surprising, is that the technique was first detailed way back in December 2017, but despite its numerous benefits and ease of exploitation, it has not received either media coverage nor has it been seen employed in malware campaigns.
Discovered by Sebastián Castro, a security researcher for CSL, the technique targets one of the parameters of Windows user accounts known as the Relative Identifier (RID).
The RID is a code added at the end of account security identifiers (SIDs) that describes that user's permissions group. There are several RIDs available, but the most common ones are 501 for the standard guest account, and 500 for admin accounts.
[...]
-- Subscribe to InfoSec News https://www.infosecnews.org/subscribe-to-infosec-news/ https://twitter.com/infosecnews_
Current thread:
- Researcher finds simple way of backdooring Windows PCs and nobody notices for ten months InfoSec News (Oct 17)