[Dailydave] Vista speach recognition
George Ou
george_ou at lanarchitect.net
Wed Jan 31 14:26:13 EST 2007
Ah I made a wrong assumption. Any executable you launch regardless of
whether it attempts to access system files or not will trigger UAC.
The file deletion concept still works though.
George
-----Original Message-----
From: George Ou [mailto:george_ou at lanarchitect.net]
Sent: Wednesday, January 31, 2007 3:09 AM
To: 'Sebastian Krahmer'; 'dailydave at lists.immunitysec.com'; 'Rich Mogull'
Subject: RE: [Dailydave] Vista speach recognition
I just verified that TinyURL.com will give you a nice URL to an executable.
Here's an example of a URL that opens a .EXE file.
http://tinyurl.com/3d588b
Now imagine that this was actually a user-mode malicious payload that avoids
triggering UAC which contains ransomware. It's very easy to use Vista
speech command open IE7 and say "tinyURL.com/3d588b", "enter", "run". That
will actually download and launch your desired payload from any website and
TinyURL will make it easy to say. This is actually easier than my
successful document-deleting recycle bin emptying test because it's a
shorter script.
George
More information about the Dailydave
mailing list