Security Advisor

User Access Control Center of Security Concerns

Microsoft researcher says the threat to systems is raised when the UAC feature is disabled. Plus: Large-scale hacking scam is thrown into the spotlight; Two different hacking groups take credit for Syrian Government Web site hack.

Once again, concerns over the security of the User Access Control (UAC) feature prevalent in Windows Vista and Windows 7 are the talk of the blogosphere for Windows IT admins.

In fact, a new blog post by researcher Joe Faulhaber of the Microsoft Malware Protection Center is keeping the conversation going as the week begins.

While Faulhaber wasn't specific about how UAC staves off attacks and how many users might be affected, he did say 23 percent of infected PCs were inundated with rootkits and worms where UAC had been turned off.

UAC is an administrative access control that provides security warnings to end users each time a system change is about to be made in administrative settings. The feature has its genesis in Windows Vista and Windows Server 2008.

"While UAC avoidance continues as a tactic, the Microsoft Malware Protection Center has found more and more malware opening a new front and turning UAC off itself," Faulhaber wrote. "Malware does this to prevent users from seeing UAC prompts on every reboot for their payloads."

One surefire way to avoid complications with UAC is to tailor Windows Administrative privileges locally -- depending on the demands and stack characteristics of the processing environment.

Microsoft Office Documents Used in 'Shady RAT' Incursions?
Antivirus giants McAfee and Symantec are trying to dissect what Vanity Fair has called an "Unprecedented Cyber-espionage Campaign and Intellectual-Property Bonanza," dubbed Operation Shady RAT.

According to Symantec, a widespread hacking scam of the same name sends out e-mails containing various attachments, typically Microsoft Office files such as Word documents, Excel spreadsheets, PowerPoint presentations and PDF documents from which to launch incursions into critical systems.

"Even as we speak, there are other malware groups targeting many other organizations in a similar manner in order to gain entry and pilfer secrets. While there is a need for information, there will always be those ready to supply," Symantec wrote.

The key question the Vanity Fair article and both AV companies pose is whether Shady RAT and other coordinated attacks represent what IT security experts are calling "advanced persistent threat" attacks.

That's a very important question.

Hackers Jockey for Credit in Syrian Defacement
You know the realm of cyber threats has gotten surreal when hackers are fighting for credit for their hack jobs.

That happened this week when a group calling itself the Syrian Electronic Army claimed that attacks against Syria's Ministry of Defense Web site were actually not from hacking group Anonymous but the work of homegrown Syrian hackers.

After Anonymous took credit for the defacement, defenders of the Syrian Electronic Army's malevolent incursion prowess took to Twitter to state their case.

As of Monday afternoon, it is still not entirely clear who the culprits behind the defacement of the Syrian Defense Ministry Web site are.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.
