[21542] in bugtraq


W2k: Unkillable Applications

daemon@ATHENA.MIT.EDU (Thomas Zehetbauer)
Mon Jul 16 17:23:06 2001

Date: Mon, 16 Jul 2001 18:59:21 +0200
From: Thomas Zehetbauer <thomasz@hostmaster.org>
To: Bugtraq Mailing List <bugtraq@securityfocus.com>
Message-ID: <20010716185921.B21654@hostmaster.org>
Mail-Followup-To: Bugtraq Mailing List <bugtraq@securityfocus.com>

Task Manager in Windows 2000 refuses to kill any process named
- winlogon.exe
- csrss.exe
- smss.exe
- services.exe
showing a message box stating that this is a critical system process and
cannot be ended by task manager.

Although these processes were and are still protected by their ACL (Access
Control List), Microsoft is now using case-insensitive string comparison to
determine whether a process belongs to the operating system.

You can now call your favorite trojan winlogon.exe and task manager will not
only refuse to terminate it but will also incorrectly state that it is a
critical system process.

Regards
Tom

-- 
  T h o m a s   Z e h e t b a u e r   ( TZ251 )
  PGP encrypted mail preferred - KeyID 96FFCB89
       mail pgp-key-request@hostmaster.org
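
Added example, not part of the original post and not Microsoft's code: a defender-side check that models the name-only comparison described above and flags processes that carry one of the four protected names but run from outside the System32 directory. The C:\WINNT system root, the NT-style path prefixes handled, and the sample process list are assumptions constructed for illustration.

```python
import ntpath

# The four image names listed in the post.
CRITICAL_NAMES = {"winlogon.exe", "csrss.exe", "smss.exe", "services.exe"}

def name_only_is_critical(image_path):
    """Model of the check described in the post: base name only, case-insensitive."""
    return ntpath.basename(image_path).lower() in CRITICAL_NAMES

def normalize(image_path, system_root):
    """Strip NT-style prefixes so the path compares as a plain Win32 path."""
    p = image_path.replace("/", "\\")
    if p.startswith("\\??\\"):
        p = p[4:]
    elif p.lower().startswith("\\systemroot\\"):
        p = system_root + p[len("\\SystemRoot"):]
    return ntpath.normcase(ntpath.normpath(p))

def find_masquerades(processes, system_root=r"C:\WINNT"):
    """Return (pid, path) for processes with a critical name outside System32."""
    expected_dir = ntpath.normcase(ntpath.join(system_root, "System32"))
    hits = []
    for pid, path in processes:
        if not name_only_is_critical(path):
            continue
        if ntpath.dirname(normalize(path, system_root)) != expected_dir:
            hits.append((pid, path))
    return hits

# Constructed sample process list (pid, image path); not data from the post.
SAMPLE = [
    (8, r"\SystemRoot\System32\smss.exe"),
    (168, r"\??\C:\WINNT\system32\csrss.exe"),
    (192, r"\??\C:\WINNT\system32\winlogon.exe"),
    (220, r"C:\WINNT\system32\services.exe"),
    (1044, r"C:\Documents and Settings\user\WinLogon.EXE"),
    (1100, r"C:\WINNT\system32\..\Temp\csrss.exe"),
    (1200, r"C:\WINNT\system32\notepad.exe"),
]

if __name__ == "__main__":
    for pid, path in find_masquerades(SAMPLE):
        print(f"suspicious: pid={pid} image={path}")
```

The image path is one signal only; a process list that also records the owning account gives a second check, since the genuine processes run as SYSTEM.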

