This has been capable since 95 I think, the location of program the
shortcut is linked to and the location of the icon that is displayed
are 2 different settings in the shortcut.
Heck you don't even have to change one of the users icons, just make
your own and use a known system icon and bundle it with your trojan
and let it overwrite the existing one.
Jacob Bresciani
"Passwords are like bubble gum, strongest when fresh, should never be
used by groups and create a sticky mess when left laying around"
-anon
On Sep 26, 2005, at 6:32 PM, Greg wrote:
....really shoot your XP machine in the foot, so to speak.
Pick any program shortcut that is pinned to your start menu. If you
don't have any, find any old program shortcut (or make one) then
pin it to your start menu. Now go find some other shortcut to a
completely different program and open it's properties. Copy the
full path info from that one and past it into the path info in the
properties for that other shortcut that is pinned to the start menu
and click OK to make it stick. Now carefully look at that icon. It
hasn't changed. Now click on it. The icon now starts that other
program instead of the one it looks like it is SUPPOSED to start.
Now while all that is simple "so what?" to most of you, think of
this - I deal in a lot of low level security stuff that is below
the radar of a lot of you but if an icon that is frequently used in
the list of commonly used programs or those pinned to the start
menu can be so easily changed to start some other program yet not
look like it was tampered with at all, why couldn't the next Trojan
include code to do this? Eg, place a Trojan on the C drive, copy
the full path info into the "Windows Update" icon on your start
menu (for example) where it runs that Trojan instead. That Trojan
may do what it is designed to do and also do the actual starting of
Windows Update after that.
What stops a local user or a Trojan doing this in a normal XP
installation that hasn't been changed and all runs at admin levels
as so many businesses do?
Greg.
