Hi to all

We have just given a talk (and also a tutorial) about Windows icons and how a malware attack can pervert and exploit them. We have tested this, using undocumented features in Windows, under Windows 7 (simple user session without any privilege; UAC not allowed).

This attack makes it very easy to execute malware simply by using transparent icons. What is a transparent icon? An invisible icon that covers a normal icon. Any click on the latter will apparently launch the normal, intended application, but in fact the invisible icon is activated first (executing the malware); the malware then just locates the mouse coordinates and transfers the action to the normal application. Simple, isn't it?

While we presented this technique earlier, in 2005, we have extended it and added new attack variants. Any mouse-intoxicated user will be trapped!

More in the slides. Happy reading!