TELECOM Digest OnLine - Sorted: Is Malware Hiding in Your Windows Registry?


Is Malware Hiding in Your Windows Registry?


Elizabeth Montalbano (idg@telecom-digest.org)
Tue, 30 Aug 2005 12:26:02 -0500

by Elizabeth Montalbano, IDG News Service

Security experts have found a vulnerability in the Windows operating
system that could allow malware to lurk undetected in long string
names of the Windows Registry.

According to a security advisory by Denmark-based IT security company
Secunia, the weakness is caused by an error in the Windows Registry
Editor Utility's handling of long string names. A malicious program
could hide itself in a registry key by creating a string with a long
name, which would allow the malicious string and any created after it
in the same key to remain hidden, according to Secunia. Keys are
stored in the Windows Registry, which saves a PC's configuration
settings.

Secunia has confirmed that the vulnerability affects the "Run"
registry key, according to the advisory. Malicious strings in this key
will be executed when a user logs in to the PC.

Affected Systems

The vulnerability affects Windows XP and Windows 2000 and has been
confirmed to exist on fully updated XP systems with Service Pack 2 and
Windows 2000 systems with Service Pack 4, according to Secunia.

Microsoft issued a statement on the vulnerability saying it is
investigating the weakness and is not aware of any malicious attacks
that have exploited it.

Moreover, the company asserted that the vulnerability by itself could
not allow an attacker to remotely or locally attack a user's
computer. It could only be exploited if the computer had its security
compromised in some other way or was already running malicious
software.

In its advisory, Secunia provided several solutions to avoid
exploitation of the vulnerability, one of which is to ensure that
systems have up-to-date anti-virus and spyware detection software
installed.

The security company also said it is possible to see the hidden
registry strings with the "reg" command-line utility of the Windows
Registry, and that the "regedt32.exe" utility on Windows 2000 is not
affected by the weakness.
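An added example (not from the article or the Secunia advisory): a Python check that parses "reg query" output for the Run keys and flags unusually long value names, since "reg" still lists what the Registry Editor does not show. The 200-character threshold, the sample output and the function names are assumptions; the article does not state the length involved.

```python
import re
import subprocess

RUN_KEYS = [
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
]
# Assumption: the article gives no length; 200 is an arbitrary review threshold.
MAX_NAME_LEN = 200
# A value line in `reg query` output: indented name, type token, optional data.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)(?:\s+(?P<data>.*))?$")

def parse_reg_query(text):
    """Return (key, name, type, data) tuples from `reg query` text output."""
    entries, key = [], None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_LINE.match(line)):
            entries.append((key, m["name"], m["type"], m["data"] or ""))
    return entries

def find_long_names(text, max_len=MAX_NAME_LEN):
    """Entries whose value name is longer than max_len characters."""
    return [e for e in parse_reg_query(text) if len(e[1]) > max_len]

# Constructed sample output (not captured from a real system).
SAMPLE = (
    "\n"
    "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\n"
    "    ExampleUpdater    REG_SZ    C:\\Program Files\\Example\\updater.exe\n"
    "    " + "A" * 256 + "    REG_SZ    C:\\placeholder\\unknown.exe\n"
    "    Example Tray App    REG_SZ    C:\\Program Files\\Example\\tray.exe\n"
)

def scan_live():
    """Windows only: query each Run key with reg.exe and flag long names."""
    hits = []
    for key in RUN_KEYS:
        out = subprocess.run(["reg", "query", key], capture_output=True, text=True)
        hits += find_long_names(out.stdout)
    return hits

if __name__ == "__main__":
    for key, name, typ, data in find_long_names(SAMPLE):
        print(f"{key}: {len(name)}-char name, {typ}, data={data}")
```

When a key is flagged, review every value that "reg query" lists for it, because the article says strings created after the long-named one in the same key are hidden as well.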

Copyright 2005 PC World Communications, Inc.

*** FAIR USE NOTICE. This message contains copyrighted material the
use of which has not been specifically authorized by the copyright
owner. This Internet discussion group is making it available without
profit to group members who have expressed a prior interest in
receiving the included information in their efforts to advance the
understanding of literary, educational, political, and economic
issues, for non-profit research and educational purposes only. I
believe that this constitutes a 'fair use' of the copyrighted material
as provided for in section 107 of the U.S. Copyright Law. If you wish
to use this copyrighted material for purposes of your own that go
beyond 'fair use,' you must obtain permission from the copyright
owner, in this instance, PC World Communications, Inc.

For more information go to:
http://www.law.cornell.edu/uscode/17/107.shtml
