Madrid, November 17, 2006 - This week’s report looks at a series of Microsoft vulnerabilities, MS06-066, MS06-067, MS06-068, MS06-069, MS06-070, and MS06-071, the TelnetOn.A worm and the Briz.S Trojan.
Bulletins MS06-067 to MS06-071 refer to several critical vulnerabilities, including a cumulative update for Internet Explorer (MS06-067), a flaw in Flash Player (MS06-069) and another in XML Core Services (MS06-071). The MS06-066 bulletin is classified as "important" and deals with problems in the client service for NetWare. Microsoft has made security updates for these problems available to users. It is advisable to install them as soon as possible, as many of these flaws could compromise system security by allowing code to be run.
The TelnetOn.A worm creates an Administrator account on the affected
computer, which allows it to take full control of the target system
through the Telnet service. One of the main actions that this worm
carries out is ending processes belonging to several security tools,
such as antivirus or firewall programs. It also ends processes
belonging to other malicious code.
Once installed on the affected computer, TelnetOn.A prevents access to
certain websites, including websites of antivirus applications. This
worm spreads through the P2P programs eMule, KaZaA and Morpheus, the
mIRC program and email.
Finally, Briz.S is a password-stealer Trojan made up of several
components downloaded via the Internet. Its aim is to steal private
information from the affected computer, such as the IP address, and
capture data entered by users in Web forms through Internet Explorer
(usernames and passwords for accessing email, banking services and
other online services).
It also prevents the attacked computer from accessing certain websites
belonging to antivirus vendors. It uses the affected computer as a
gateway to anonymously connect to third-party Telnet, SMTP, FTP and
HTTP services. Briz.S needs an attacker’s intervention to spread, and
can reach computers in many ways: CD-ROMs, email messages with
attachments, Internet downloads,
or IRC channels.
All users who want to know whether their computers have been attacked
by these or other malicious code can use ActiveScan, the free solution
available at: www.activescan.com.
Users can carry out a complete inspection of all the areas of their
computers that they suspect might be infected, free of charge.
For further information about these and other computer threats, visit Panda Software’s Encyclopedia.