Wednesday, January 04, 2006

JIM Dodds forwards this alert for your information... via email


Alert List A: Alert Level 3 - ThreatCon Level 3

High : Known threat
This condition applies when an isolated threat to the computing infrastructure is currently underway or when malicious code reaches a severe risk rating. Under this condition, increased monitoring is necessary, security applications should be updated with new signatures and/or rules as soon as they become available and redeployment and reconfiguration of security systems is recommended. People should be able to maintain this posture for a few weeks at a time.

At this time The Millennium Group has raised our worldwide threat level to 3 (level 3 out of 4).

Trojan.Satiloler.B is a Trojan horse that attempts to steal user names, passwords, and other information from the compromised computer. It also attempts to open a proxy server on a random TCP port.

It has been reported that the Trojan is downloaded by malformed WMF files that utilize the Microsoft Windows Graphics Rendering Engine WMF Format Unspecified Code Execution Vulnerability (as described in BID 16074).

The list of exploits being written for this issue with the WMF flaw is now being reported at over 200 per hour. All major AV companies are pushing out AV definitions as they become available, and we are recommending end users update each time BEFORE entering the mainstream internet. We are recommending at this time that IT administrators do hourly AV updates. Widespread infections of servers are now being reported in 37 countries. Ilfak Guilfanov's HOTFIX has been published to our website at www.myuplink.net/hotfix; we are recommending users of Windows 2000 and above, including servers, install this HOTFIX as soon as possible. There is no workaround available for Windows 3.1, Windows 98, Windows 98 SE or Windows ME, and one is not expected. To help somewhat on the email side of this flaw we are recommending disabling HTML in your email software and that you unplug your internet connection before opening any email once it has been received.
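The alert recommends hourly signature updates and monitoring but gives no file-level check of its own. The following is an added example, not code from the original post or from The Millennium Group, of a defensive scanner a mail gateway or file server could run on attachments: it walks the WMF record list and flags the Escape record with the SETABORTPROC subfunction, which is the record the malformed WMF files of this vulnerability rely on (that detail is drawn from the public analysis of BID 16074 / MS06-001, not from this alert). The record layout follows the documented WMF format (a 16-bit record type, a 32-bit record size in words, an optional 22-byte placeable header); the two sample files at the bottom are constructed here for demonstration and carry no exploit payload.

```python
import struct

META_EOF = 0x0000             # terminating record
META_ESCAPE = 0x0626          # WMF Escape record type
META_SETMAPMODE = 0x0103      # an ordinary drawing record, used for the benign sample
SETABORTPROC = 0x0009         # Escape subfunction abused by the malformed WMF files
PLACEABLE_MAGIC = 0x9AC6CDD7  # magic of the optional 22-byte Aldus placeable header


def scan_wmf(data: bytes) -> dict:
    """Walk a WMF file's records and report SETABORTPROC escapes or malformed sizes.

    Returns a dict with the record count, the escape subfunctions seen,
    a list of findings and a boolean verdict. Malformed input is reported,
    not raised, so a gateway can quarantine rather than crash.
    """
    findings = []
    off = 0
    # Skip the placeable header if present (it precedes the standard header).
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_MAGIC:
        off = 22
    if len(data) < off + 18:
        return {"records": 0, "escapes": [], "findings": ["truncated header"], "suspicious": True}
    file_type, header_size = struct.unpack_from("<HH", data, off)
    if file_type not in (1, 2) or header_size != 9:
        return {"records": 0, "escapes": [], "findings": ["not a WMF header"], "suspicious": True}
    off += header_size * 2  # header size is given in 16-bit words

    records = 0
    escapes = []
    while off + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, off)
        records += 1
        if size_words < 3:
            # A record shorter than its own 6-byte prefix cannot be valid.
            findings.append(f"malformed record size {size_words} at offset {off}")
            break
        if func == META_EOF:
            break
        if func == META_ESCAPE and off + 8 <= len(data):
            esc_func = struct.unpack_from("<H", data, off + 6)[0]
            escapes.append(esc_func)
            if esc_func == SETABORTPROC:
                findings.append(f"SETABORTPROC escape at offset {off}")
        off += size_words * 2

    return {
        "records": records,
        "escapes": escapes,
        "findings": findings,
        "suspicious": bool(findings),
    }


# --- constructed sample files (not real malware, no executable payload) ---

def _record(func: int, params: bytes = b"") -> bytes:
    """Encode one WMF record: 32-bit size in words, 16-bit function, parameters."""
    assert len(params) % 2 == 0
    return struct.pack("<IH", (6 + len(params)) // 2, func) + params


def _build_wmf(*records: bytes) -> bytes:
    body = b"".join(records)
    total_words = (18 + len(body)) // 2
    # FileType=2 (disk), HeaderSize=9 words, Version=0x300, FileSize, objects, max record, reserved
    header = struct.pack("<HHHIHIH", 2, 9, 0x0300, total_words, 0, 0, 0)
    return header + body


BENIGN_WMF = _build_wmf(
    _record(META_SETMAPMODE, struct.pack("<H", 1)),
    _record(META_EOF),
)

# Escape record parameters: EscapeFunction, ByteCount, then filler bytes (constructed).
SUSPICIOUS_WMF = _build_wmf(
    _record(META_ESCAPE, struct.pack("<HH", SETABORTPROC, 8) + b"A" * 8),
    _record(META_EOF),
)

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN_WMF), ("suspicious", SUSPICIOUS_WMF)):
        print(name, scan_wmf(blob))
```

The scanner is a triage aid, not a replacement for the AV updates and hotfix the alert calls for: a benign metafile could in principle carry a SETABORTPROC escape, so a hit should quarantine the file for review rather than act as proof of compromise.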

Microsoft has again affirmed that they will issue their copy of Ilfak Guilfanov's patch somewhere around the 10th with their monthly security update.

We are recommending that until you have patched your operating system you limit your time on the internet, even to your regular sites, as reports of site hijacking are widespread. Our servers have been patched and are being monitored for any abnormal TCP traffic. This sheer volume of wild exploits has not been seen in over 4 years.


Updates to this worldwide Level 3 alert will be published as new information becomes available.



The Millennium Group
