Latest Microsoft security bulletins, TelnetOn.A and Briz.S malware
Bulletins MS06-067 to MS06-071 refer to several critical vulnerabilities, including a cumulative update for Internet Explorer (MS06-067), a flaw in Flash Player (MS06-069) and another in XML Core Services (MS06-071). The MS06-066 bulletin is classified as “important” and deals with problems in the client service for NetWare.
Microsoft has made security updates for these problems available to users. It is advisable to install them as soon as possible, because many of these flaws could allow code to be run on the affected system, compromising its security.
The TelnetOn.A worm creates an Administrator account on the affected computer, which allows it to take full control of the target system through the Telnet service. One of its main actions is to end processes belonging to several security tools, such as antivirus or firewall programs. It also ends processes belonging to other malicious code.
Once installed on the affected computer, TelnetOn.A prevents access to certain websites, including those of antivirus applications. This worm spreads through the P2P programs eMule, KaZaA and Morpheus, the mIRC program and email.
Finally, Briz.S is a password-stealer Trojan made up of several components downloaded via the Internet. Its aim is to steal private information from the affected computer, such as the IP address, and capture data entered by users in Web forms through Internet Explorer (usernames and passwords for accessing email, banking services and other online services).
It also prevents the attacked computer from accessing certain websites belonging to antivirus vendors. It uses the affected computer as a gateway to anonymously connect to third-party Telnet, SMTP, FTP and HTTP services. Briz.S needs an attacker’s intervention to spread, and can reach computers in many ways: CD-ROMs, email messages with attachments, Internet downloads, or IRC channels.