Month: March 2010

Abusing MSI’s elevated privileges

Microsoft Windows operating systems come installed with a Windows Installer engine which is used by MSI packages for installation. One of its powerful features is that MSI packages can be installed with elevated privileges for non-admin users. For a package to use elevated privileges, a registry name “AlwaysInstallElevated” must exist in both keys with…


Fake Antivirus “XP Guardian 2010” exe hijacking

Another fake antivirus software calling itself “XP Guardian 2010” is doing its rounds, displaying bogus pop-ups and fake scans enticing you to buy its product. What is interesting about this malware is that it changes the machine's exe associations in the Windows registry. When any executable with an exe extension is manually or automatically…