Interesting.

IMO, since they use telnet to access the remote computer in the first place, telnet server must be turn on on Vista. And, by default, telnet server is turn off on Vista. Therefore, this attack won't really work. However, this might not much be the case. The malicious document could have forcefully enable telnet server on the background, giving attackers a chance to use telnet to access the victim's computer remotely. Thus, i would say that it's the user's fault for opening the malicious document. If the malicious document is not being opened, i don't think telnet will work at all.

Anyway, thanks for showing the video.

This post has been edited by mystical zero: Apr 25 2007, 11:46 PM

Well, UAC is indeed a new security feature implemented into Vista by which it involves the manipulation of the integrity level. However, what's the use of UAC if users just merely click "Allow" for the sake of getting rid of it without the intention of even reading the prompt or identifying it. I just couldn't understand why users find it annoying. If you have been using Linux for a long time, you should know that this isn't anything. Linux has long ago implemented security elevation prompt (well known as sudo or gksu), much like today's UAC.

In conclusion, users have only themselves to blame for their curiosity when dealing with e-mail attachments and their lacklustre behaviour when dealing with security prompts.