Dailydave mailing list archives

Re: Vista speach recognition


From: "George Ou" <george_ou () lanarchitect net>
Date: Wed, 31 Jan 2007 11:26:13 -0800

Ah I made a wrong assumption.  Any executable you launch regardless of
whether it attempts to access system files or not will trigger UAC.

The file deletion concept still works though.

George 

-----Original Message-----
From: George Ou [mailto:george_ou () lanarchitect net] 
Sent: Wednesday, January 31, 2007 3:09 AM
To: 'Sebastian Krahmer'; 'dailydave () lists immunitysec com'; 'Rich Mogull'
Subject: RE: [Dailydave] Vista speach recognition

I just verified that TinyURL.com will give you a nice URL to an executable.

Here's an example of a URL that opens a .EXE file.
http://tinyurl.com/3d588b

Now imagine that this was actually a user-mode malicious payload that avoids
triggering UAC which contains ransomware.  It's very easy to use Vista
speech command to open IE7 and say "tinyURL.com/3d588b", "enter", "run".  That
will actually download and launch your desired payload from any website and
TinyURL will make it easy to say.  This is actually easier than my
successful document-deleting recycle bin emptying test because it's a
shorter script.



George

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

