There has been a vague assumption in some quarters that because Vista initially proved so hard for legitimate programmers to get to grips with, malware writers would struggle as well.
Here’s a real-world example of Vista being undermined, passed on by PC Tools, a company that has set out to trash the notion that the lack of successful Vista malware signals a deeper immunity.
As described, a user downloads a fake codec, which gets past UAC because the user, taking it for a legitimate codec, approves the elevation prompt. The codec then runs the old spyware popup scam, claiming that the user’s PC is riddled with malware (the ‘viruses found, please click here to disinfect’ angle) and asking the user to fill in a form with credit card details. UAC does not intervene again once the user has signalled his or her assent to the original codec, so everything the installer does afterwards runs with that consent already granted.
PC Tools says it found 6,348 examples of this attempting to install on Vista machines, which means that many users fell for the scam to some degree. The miscreant is a member of the ubiquitous Trojan.Zlob family, which wasn’t even written for Vista specifically. It just happens to work, or partly work.
“After performing some analysis on Trojan.Zlob, the findings are that while some installers cannot deliver their entire payload due to some of the malware’s lack of support for Vista, a few trivial changes to the code (such as what folder the malware is copying files to) would make the installer entirely effective on Vista,” says PC Tools’ analysis.
Vista’s programming model is certainly more disciplined than XP’s, and its unfamiliarity might delay malware creation for a while, but there is no evidence that it provides an insurmountable barrier.
Its weakness is exactly as imagined: engineer a way past UAC and you’re in. Since users remain gullible enough to trust unknown or unsigned applications (what’s that, you hear them say), this will in time prove an easy barrier to leap.