semi ot uac exploit possible via fake dialogs

Hi all, I was thinking about the possibility to fake the UAC prompt for credentials by a malicious process, in order to get the admin password. In example, a malicious process shows a fake UAC dialog prompting for Admin credentials when started, and then stores the admin password for later sending or wathever. Since Vista shows too many UAC dialogs, I think we will enter the admin credentials in a mechanichal way, so this exploit could be possible and easy to implement. I'm missing some important technichal data about UAC which prevents this? What do you think?
Fernando

I read somewhere the UAC will be a bit less intrusive in the future.. but I thinkif some program did want to put up a "fake" UAC you'd still have to give it permission to run.. and then it would also run into the Firewall later on assuming you have that enabled also.
"Fernando" wrote:

Hi all, I was thinking about the possibility to fake the UAC prompt for credentials by a malicious process, in order to get the admin password. In example, a malicious process shows a fake UAC dialog prompting for Admin credentials when started, and then stores the admin password for later sending or wathever. Since Vista shows too many UAC dialogs, I think we will enter the admin credentials in a mechanichal way, so this exploit could be possible and easy to implement. I'm missing some important technichal data about UAC which prevents this? What do you think?
Fernando

Think the following: If I put on a system a custom made executable which on run shows a fake UAC dialog and it doesn't requires privileged credentials to run, the true UAC never shows, and if this executable never connects to the outside and only stores admin passwords on file, in example, to allow later retrieval, it also never gets the firewall prompt. Think about a lot of people, normal Windows users, which never complains about security, then may be it will be a serious security problem.
"Jason" wrote in message

I read somewhere the UAC will be a bit less intrusive in the future.. but I thinkif some program did want to put up a "fake" UAC you'd still have to give it permission to run.. and then it would also run into the Firewall later on assuming you have that enabled also.
"Fernando" wrote:
Hi all, I was thinking about the possibility to fake the UAC prompt for credentials by a malicious process, in order to get the admin password. In example, a malicious process shows a fake UAC dialog prompting for Admin credentials when started, and then stores the admin password for later sending or wathever. Since Vista shows too many UAC dialogs, I think we will enter the admin credentials in a mechanichal way, so this exploit could be possible and easy to implement. I'm missing some important technichal data about UAC which prevents this? What do you think?
Fernando