Flaw may hide malicious software

by admin August 29, 2005 at 6:13 am

Miscreants could hide their malicious software on a Windows PC by using overly long registry keys, security experts have warned.

These keys are stored in the Windows Registry, a core part of the operating system that stores PC settings. Some antivirus and anti-spyware products scan the registry for malicious programs, but this new weakness allows hackers to hide the presence of their applications, according to security vendor StillSecure.

“It can be used to hide malicious programs on a system that would go undetected by security software or registry scanning tools,” said Mitchell Ashley, chief technology officer at StillSecure, which is based in Louisville, Colorado. Detection and cleanup could be difficult to impossible, according to StillSecure.

The SANS Internet Storm Centre, which tracks Internet threats, on Thursday listed some applications that, according to reports it received, can be tricked by the longer registry keys. The list includes AdAware, Microsoft’s Windows AntiSpyware, HijackThis, Norton SystemWorks 2003 Pro, Microsoft’s Windows Registry Editor and WinDoctor.

Full story: ZDNet Australia