Jump to content

New trojan attacks unpatched Word vulnerability


The Highlander

Recommended Posts

 

New trojan attacks unpatched Word vulnerability

22 May 2006 - Hackers have found and are exploiting an unpatched vulnerability in Microsoft Word 2000, Word XP and Word 2003 that will allow a third party access to the computer affected.

 

Symantec Security Response discovered a new zero-day vulnerability and exploit affecting Microsoft Word 2003 that is being leveraged to carry out targeted attacks.

 

Successful exploitation of the vulnerability allows the attacker to drop a backdoor Trojan named Backdoor.Ginwui on the victim’s machine.

The Trojan then sends information over HTTP to a specific IP address; however, it is possible for the attacker to leverage the Trojan to gain control of the affected machine and carry out additional attacks.

 

In order for the attack to be carried out, a user must first open a malicious Word document attached to an email or otherwise provided to them by an attacker.

 

The Trojan horse however does not make a copy of the virus or spread through the Internet like other viruses; it is directly distributed.

 

Vincent Weafer, senior director, Symantec Security Response, said that the targeted attack can bypass spam filters, and that Symantec's antivirus software is not as yet capable of detecting the particular Word file that is malicious. Symantec is looking at the vulnerability in terms of generic blocking.

 

To avoid this type of attack, Symantec recommends companies to limit users' privileges, and monitor outbound traffic. It also suggests companies to quarantine all the attachments for 6 to 12 hours, which will give the antivirus vendors the time to catch up with new threats.

 

Microsoft has committed to come up with a fix earliest by June 13, which still gives hackers a lot of time to hit vulnerable targets.

 

Link To artical here

Link to comment
Share on other sites

Symantec Security Response discovered a new zero-day vulnerability and exploit affecting Microsoft Word 2003 that is being leveraged to carry out targeted attacks.

 

The Trojan then sends information over HTTP to a specific IP address; however, it is possible for the attacker to leverage the Trojan to gain control of the affected machine and carry out additional attacks.

 

Can anyone tell me please the meaning of

"zero-day"

"leveraged" in respect of what's done to the 'vulnerability and exploit'

"leverage" in respect of what's done to the trojan

 

This article looks very interesting, but what do these mean?

Link to comment
Share on other sites

Can anyone tell me please the meaning of

"zero-day"

"leveraged" in respect of what's done to the 'vulnerability and exploit'

"leverage" in respect of what's done to the trojan

 

This article looks very interesting, but what do these mean?

"zero day" means the day that it is first discovered and the day it is first used are the SAME day.

 

Used to be there were a couple months between the two points.

 

(And may mean that in this case, only the creator of the Trojan was workilng on Word, not the defense team)

 

Lynn

Link to comment
Share on other sites

Why don't we just turn our machines off and unplug them?

 

 

 

More here

In the wake of at least one targeted attack that exploits a new flaw in Word, Microsoft is advising users to run the application in "safe mode."

 

Running Word in the restricted mode will not fix the vulnerability, but it will help block known modes of attack, Microsoft said in a security advisory published late Monday. The software maker is also developing a security update for Word, which should be available on June 13 or sooner, as warranted, the company said.

 

Enabling "safe mode" is a two-step process. The first part involves disabling the use of Word as an e-mail client, the second is appending "/safe" to the command line that starts Word. Microsoft provides instructions for home and enterprise users in its security advisory.

 

News of the Word flaw and attack surfaced last week. Word 2002 and Word 2003 are vulnerable, but Word 2000 is not, Microsoft said. For an attack to be carried out, a PC user must open a malicious Word document sent in an e-mail or otherwise provided by an attacker, it said.

 

Aside from changing the way Word runs, people can protect their systems by being careful in the opening of Word documents received as an unexpected e-mail attachment, Micro

Link to comment
Share on other sites

"zero day" means the day that it is first discovered and the day it is first used are the SAME day.

 

Used to be there were a couple months between the two points.

 

(And may mean that in this case, only the creator of the Trojan was workilng on Word, not the defense team)

 

Lynn

So the vulnerability was used the first day it was discovered? How would they know? I think it was just an excuse to use a 'kewl' phrase.

 

And it really looks as if "leverage" just means "used" in this article.

Why can't they use plain language? Do they think their story won't be interesting enough if it isn't mystified?

 

Okay, here endeth the rant. We now return you to the scheduled program.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...