Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
    Digg this story   Add to  
Targeted trojan attacks via Word flaw
Published: 2006-05-22

A U.S. company is among the apparently small number of victims specifically targeted by a malicious group using a previously unknown vulnerability in Microsoft Word.

The attack--first brought to light by the handlers at the SANS Institute's Internet Storm Center (ISC)--consists of an e-mail message sent to a small number of individuals in the targeted company. Each message carries a Word attachment and, so far, only two subject lines have been seen: "Notice" and "RE Plan for final agreement."

"This attachment, when opened, exploited a previously-unknown vulnerability in Microsoft Word (verified against a fully-patched system)," said an anonymous source in comments published by the ISC. "The exploit functioned as a dropper, extracting a trojan byte-for-byte from the host file when executed."

Microsoft has confirmed details of the Word exploit. Antivirus firm F-Secure has additional details on the method the attack uses to spoof its sender addresses to appear to come from inside a company as well as evidence that similar attacks date back to April 2005. The attacks appear to be routed through Internet addresses assigned to China and Taiwan.

A year ago, the national computer emergency response teams in the United Kingdom, Canada and Australia all warned of targeted attacks hitting organizations in those countries. While the U.S. organization, US-CERT, did not issue an alert, antivirus companies acknowledged that low-volume e-mail attacks had targeted U.S. companies and government agencies.

Posted by: Robert Lemos
    Digg this story   Add to  
Comments Mode:
Targeted trojan attacks via Word flaw 2006-05-23
Juha-Matti Laurio


Privacy Statement
Copyright 2009, SecurityFocus