Re: How to....

[Larry Offley <lucullus () telus net>]

Yes you could do this but it is mostly pointless. If a Trojan already 
had enough access to do this it most likely could just run its self and 
do whatever it was designed to do anyway. If you have a hostile program 
on your machine that has been run (as it would have had to do to change 
the  shortcuts) then the game is already over.

Larry Offley

Greg wrote:
> ....really shoot your XP machine in the foot, so to speak.
>
> Pick any program shortcut that is pinned to your start menu. If you 
> don't have any, find any old program shortcut (or make one) then pin 
> it to your start menu. Now go find some other shortcut to a completely 
> different program and open it's properties. Copy the full path info 
> from that one and past it into the path info in the properties for 
> that other shortcut that is pinned to the start menu and click OK to 
> make it stick. Now carefully look at that icon. It hasn't changed. Now 
> click on it. The icon now starts that other program instead of the one 
> it looks like it is SUPPOSED to start.
>
> Now while all that is simple "so what?" to most of you, think of this 
> - I deal in a lot of low level security stuff that is below the radar 
> of a lot of you but if an icon that is frequently used in the list of 
> commonly used programs or those pinned to the start menu can be so 
> easily changed to start some other program yet not look like it was 
> tampered with at all, why couldn't the next Trojan include code to do 
> this? Eg, place a Trojan on the C drive, copy the full path info into 
> the "Windows Update" icon on your start menu (for example) where it 
> runs that Trojan instead. That Trojan may do what it is designed to do 
> and also do the actual starting of Windows Update after that.
>
> What stops a local user or a Trojan doing this in a normal XP 
> installation that hasn't been changed and all runs at admin levels as 
> so many businesses do?
>
> Greg.