This is one of those things that go unnoticed until someone comes up with a deviously crafted malware to demonstrate its potential. If you’re on a Windows system, try hitting the SHIFT key five times and you’ll see a dialog box similar to the one below.

The resulting dialog box is an interface to enable the use of StickyKeys, which is a Windows feature to aid handicapped users. There is nothing really wrong with the use of this feature. The only problem is how it is implemented.

You see, when you hit the SHIFT key 5 times, a file called sethc.exe is executed from within the Windows folder. This program is the one responsible for the dialog box that you just saw earlier. Regardless of the content of sethc.exe, Windows would still execute it if the SHIFT key were pressed 5 times. If the original contents of the file were overwritten with malicious code, then the malicious content would be executed once the SHIFT key is pressed 5 times. This feature provides malware authors with a potential attack vector.

To mitigate this, you can disable the shortcut for StickyKeys. You can do this by opening the Control Panel and modifying the settings for StickyKeys in the Accessibility Options dialog. Click on the Settings button and uncheck the option for using the keyboard shortcut.

Once this setting has been put into effect, hitting the SHIFT key 5 times will no longer activate the StickyKeys interface.