Researcher finds simple way of backdooring Windows PCs and nobody notices for ten months

[InfoSec News <alerts () infosecnews org>]

https://www.zdnet.com/article/researcher-finds-simple-way-of-backdooring-windows-pcs-and-nobody-notices-for-ten-months/

By Catalin Cimpanu
Zero Day
ZDNet
October 17, 2018

A security researcher from Colombia has found a way of gaining admin 
rights and boot persistence on Windows PCs that's simple to execute and 
hard to stop --all the features that hackers and malware authors are 
looking for from an exploitation technique.

What's more surprising, is that the technique was first detailed way back 
in December 2017, but despite its numerous benefits and ease of 
exploitation, it has not received either media coverage nor has it been 
seen employed in malware campaigns.

Discovered by Sebastián Castro, a security researcher for CSL, the 
technique targets one of the parameters of Windows user accounts known as 
the Relative Identifier (RID).

The RID is a code added at the end of account security identifiers (SIDs) 
that describes that user's permissions group. There are several RIDs 
available, but the most common ones are 501 for the standard guest 
account, and 500 for admin accounts.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_