« Home sweet home | Main | Tools that make us dumb? »

May 22, 2006

MS Word under attack

You might be extra careful about opening e-mailed Word documents from now on, what with the arrival of a couple of trojans that exploit a gaping security hole in the Office XP and Office 2003 versions of the word processing program.

At the moment, the attack seems to have been targeted at individuals in a particular organisation, which fortunately managed to detect it.

The Mdropper.H Trojan that exploits the new flaw arrived in an email headed "Notice", or "RE Plan for final agreement", and the [so far] known infected documents had names like NO.060617.doc.doc or PLANNINGREPORT5-16-2006.doc.

According to Symantec, the trojan crashes Word 2002 (the Office XP version), but in Word 2003 it activates the Backdoor.Ginwui program which installs a rootkit to hide its presence, while it gathers system information and allows the attacker to access a command shell and take screen shots of whatever the user sees on his or her computer monitor. Ginwui appears to connect to a Chinese server. Fortunately, you can get avoid the trap by using the Word Viewer.

Posted by cw at May 22, 2006 12:11 PM

Trackback Pings

TrackBack URL for this entry:
http://bleedingedge.com.au/cgi-bin/mt/mt-tb.cgi/879

Comments

Posted by: Matthew Panetta at May 23, 2006 01:34 PM

Post a comment

Name:

Email Address:

URL:
Remember Me? YesNo

Security Code:

Comments: (you may use HTML tags for style)