Trend Flags Adobe Reader 9 as Virus
Today my boss asked me to look at his system as he believes that Adobe has infected his system with a virus.
I take a look and sure enough, every time I tried to download Adobe Reader 9 our antivirus software flagged it as PAK_Generic.001 and said that it was unable to clean it.
I thought surely Adobe hasn’t been hacked. So I got on the horn to our admin that deals directly with Trend (our antivirus provider), and after several hours I received the following message:
Update from AV team:
==================
We have analyzed the file getPlus_reg.exe (15,472 bytes), which can be downloaded from the following URL, and verified it to be non-malicious: http://www.adobe.com/products/acrobat/readstep2.html
This is a legitimate file that belongs to Adobe Systems Incorporated. And since this file has been falsely detected by our Intellitrap pattern as PAK_Generic.001, we will be modifying our pattern files to undetect this sample.
We will inform you right away once the pattern is available for release and ready for download.
You will receive a notification containing the CPR version where the patterns related to this case are included.
==================
Regards,
Name not included for identity reasons.
So it would seem that Trend is flagging Adobe Reader 9 as a virus, and hopefully they will update their patterns soon.
Thanks
David Bates
Vista Backdoor Hack
I recently found this little gem while working on a deployment strategy for my company.
Basically, you can swap one of the apps in the Ease of Access suite for CMD and create a backdoor into your system that runs as the SYSTEM user!
I chose to use the On Screen Keyboard utility as I knew that this was the least useful one to me. Any program in the Ease of Access suite will work, however.
Instructions:
Make A COPY!
1. Make a copy of the original program, just in case you decide to undo this. You can do this several ways; I chose to drag the item to my desktop. osk.exe can be found in %windir%\System32\.
Change the Owner
1. Right click on the OSK.exe program in %windir%\System32\ and select properties.
2. Click the Security tab and then click on Advanced.
3. Click on the Owner tab and then click Edit. (You will have to answer a UAC prompt)
4. Now click on your username and click apply.
5. Close all dialogs.
6. Re-open Properties and Security for OSK.exe, now give yourself full control.
7. Click apply and close all dialogs.
8. Delete OSK.exe
Make CMD look like OSK
1. Copy CMD to a location that you have permission for.
2. Rename CMD to OSK.
3. Copy OSK (the renamed CMD) to %windir%\System32\; you will receive a prompt. Click Replace.
Using Your New Backdoor
You have now implemented your new backdoor. All you have to do is log off, click the Ease of Access button, and click on On Screen Keyboard. You will now be presented with a command prompt that is running as SYSTEM.
But Wait There's More
If you now run explorer.exe you will have a working taskbar and can launch any application you wish. (Remember that not all applications will run, as some services have not started yet.)
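From the defender's side, the swap above is easy to audit: the replacement osk.exe carries cmd.exe's hash and version resource and is no longer the Microsoft-signed original. The following PowerShell check is an added example, not code from the original post; it assumes a PowerShell that has Get-FileHash and Get-AuthenticodeSignature, and the list of Ease of Access binaries it audits is an assumption meant to cover the whole suite.

```powershell
# Added defender check (not part of the original post): audit the Ease of Access
# binaries in System32 for a swapped-in cmd.exe. Assumes Get-FileHash and
# Get-AuthenticodeSignature are available and that the originals are Microsoft-signed.
$system32 = Join-Path $env:windir 'System32'
# Assumed list of Ease of Access binaries; any of them can be swapped the same way.
$accessibility = 'osk.exe', 'sethc.exe', 'utilman.exe', 'magnify.exe', 'narrator.exe', 'displayswitch.exe'
$cmdHash = (Get-FileHash -Algorithm SHA256 (Join-Path $system32 'cmd.exe')).Hash

foreach ($name in $accessibility) {
    $path = Join-Path $system32 $name
    if (-not (Test-Path $path)) { Write-Warning "$name missing from System32"; continue }

    $file = Get-Item $path
    $sig  = Get-AuthenticodeSignature $path
    $hash = (Get-FileHash -Algorithm SHA256 $path).Hash
    $findings = @()

    # A renamed cmd.exe keeps cmd.exe's hash and its OriginalFilename ("Cmd.Exe").
    if ($hash -eq $cmdHash) { $findings += 'identical to cmd.exe' }
    $orig = $file.VersionInfo.OriginalFilename
    $stem = [IO.Path]::GetFileNameWithoutExtension($name)
    if ($orig -and ($orig -notlike "$stem*")) { $findings += "OriginalFilename is '$orig'" }

    # The genuine binary validates as Microsoft-signed; anything else is suspect.
    # Note: on Windows 7 and earlier, catalog-signed system files report NotSigned,
    # so there the hash and OriginalFilename checks carry the weight.
    if ($sig.Status -ne 'Valid') {
        $findings += "signature status $($sig.Status)"
    } elseif ($sig.SignerCertificate.Subject -notmatch 'Microsoft') {
        $findings += "signed by $($sig.SignerCertificate.Subject)"
    }

    if ($findings.Count) { Write-Output ('SUSPECT {0}: {1}' -f $name, ($findings -join '; ')) }
    else                 { Write-Output ('OK      {0}' -f $name) }
}
```

Run it from an elevated prompt after a deployment or as a scheduled integrity check; a clean system reports OK for every binary.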
I will take screenshots to help with this soon.
Enjoy
David Bates