Windows flaw may hide malicious software

[hesperus]

Bring on the updates . . .

Published: August 26, 2005, 5:11 PM PDT

By Joris Evers
Staff Writer, CNET News.com

Misscreants could hide their malicious software on a Windows PC by using overly long registry keys, security experts have warned.

http://news.com.com/Flaw%20may%20hid...3863&subj=news


More from SANS . . .

http://isc.sans.org/

[d0pp]

That does nothing to hide the malicious software. All it does is prevent certain AV's and whatnot form detecting it.


The keys are still in plain sight.

Just use regedit like a good little hax0r.

[hesperus]

Hidden from AV's isn't hidden enough ??

You're right, but most people don't cruise the registry to see if anything is there that they don't want. If monitoring software can't see it and it doesn't bring attention to itself, it is as good as invisible.

[d0pp]

I believe that this security risk would fit under the topic of "ignorant user"?

You pay $1k+ for a machine that you don't even bother to learn the basics of?

[¤The¤Spe©ialist]

Never mind the fact that most home users go about their day to day under a full administrative account and allow any number of system critical files to be changed. Atleast this way the system will be clean... because the OS said so.

[Soda_Popinsky]

Originally posted here by d0pp
That does nothing to hide the malicious software. All it does is prevent certain AV's and whatnot form detecting it.


The keys are still in plain sight.

Just use regedit like a good little hax0r.

The point is that you can't see them with regedit, and many tools bug out when viewing the overly long reg name.

What can and can't spot a malicious key:
http://isc.sans.org/diary.php?date=2005-08-25

No reason for it not to show up in new malware...

[the_JinX]

And once again assumption is the mother of all ****ups..

I didn't know even regedit assumed 256chars max...

stupid !