A U.S. company is among the apparently small number of victims specifically targeted by a malicious group using a previously unknown vulnerability in Microsoft Word.
The attack--first brought to light by the handlers at the SANS Institute's Internet Storm Center (ISC)--consists of an e-mail message sent to a small number of individuals in the targeted company. Each message carries a Word attachment and, so far, only two subject lines have been seen: "Notice" and "RE Plan for final agreement."
"This attachment, when opened, exploited a previously-unknown vulnerability in Microsoft Word (verified against a fully-patched system)," said an anonymous source in comments published by the ISC. "The exploit functioned as a dropper, extracting a trojan byte-for-byte from the host file when executed."
Microsoft has confirmed details of the Word exploit. Antivirus firm F-Secure has additional details on the method the attack uses to spoof its sender addresses to appear to come from inside a company as well as evidence that similar attacks date back to April 2005. The attacks appear to be routed through Internet addresses assigned to China and Taiwan.
A year ago, the national computer emergency response teams in the United Kingdom, Canada and Australia all warned of targeted attacks hitting organizations in those countries. While the U.S. organization, US-CERT, did not issue an alert, antivirus companies acknowledged that low-volume e-mail attacks had targeted U.S. companies and government agencies.
Posted by: Robert Lemos