Loading
-
New Trojan Targets Microsoft Word
Techtree News Staff, May 22, 2006 1351 hrs ISTNow Microsoft Word users need to be extra careful while downloading files, as hackers have already targeted Microsoft Word 2003...
Now Microsoft Word users need to be extra careful while downloading files, as hackers have already targeted Microsoft Word 2003 exploiting zero-day vulnerabilities with a new Trojan horse named "Trojan.Mdropper.H".
Symantec, the leading desktop security vendor, has issued an alert on its home page regarding the vulnerability, asking users to be extra careful while opening any Word document received either by email or any other means. According to Symantec, opening an email attachment which appears to be a Word document actually opens the latest Trojan horse virus program, giving hackers access to users' PCs. When the document is opened by users, it triggers the vulnerability.
According to Symantec the attack originated in Asia, and now it appears that the attacks are targeted at large organizations but there could be a change in strategy.
Johannes Ullrish, chief technical officer, SANS Internet Storm Center, said that the attackers behind the latest Trojan horse might be operating out of China or Taiwan. The researchers have found Chinese characters in the malicious Word document, and the servers associated with the attack have been traced back to these countries.
The seriousness of the attack has been compounded by Microsoft's declaration that the company might require over three weeks to fix the vulnerability.
A Trojan horse does not make a copy of the virus or spread through the Internet like other viruses; it is directly distributed - often in the guise of useful and attractive downloads.
Vincent Weafer, senior director, Symantec Security Response, said that the targeted attack can bypass spam filters, and that Symantec's antivirus software is not as yet capable of detecting the particular Word file that is malicious. Symantec is looking at the vulnerability in terms of generic blocking.
To avoid this type of attack, Symantec recommends companies to limit users' privileges, and monitor outbound traffic. It also suggests companies to quarantine all the attachments for six to 12 hours, which will give the antivirus vendors the time to catch up with new threats.
Microsoft has committed to come up with a fix earliest by June 13, which still hackers a lot of time to hit vulnerable targets.
Symantec, the leading desktop security vendor, has issued an alert on its home page regarding the vulnerability, asking users to be extra careful while opening any Word document received either by email or any other means. According to Symantec, opening an email attachment which appears to be a Word document actually opens the latest Trojan horse virus program, giving hackers access to users' PCs. When the document is opened by users, it triggers the vulnerability.
According to Symantec the attack originated in Asia, and now it appears that the attacks are targeted at large organizations but there could be a change in strategy.
Johannes Ullrish, chief technical officer, SANS Internet Storm Center, said that the attackers behind the latest Trojan horse might be operating out of China or Taiwan. The researchers have found Chinese characters in the malicious Word document, and the servers associated with the attack have been traced back to these countries.
The seriousness of the attack has been compounded by Microsoft's declaration that the company might require over three weeks to fix the vulnerability.
A Trojan horse does not make a copy of the virus or spread through the Internet like other viruses; it is directly distributed - often in the guise of useful and attractive downloads.
Vincent Weafer, senior director, Symantec Security Response, said that the targeted attack can bypass spam filters, and that Symantec's antivirus software is not as yet capable of detecting the particular Word file that is malicious. Symantec is looking at the vulnerability in terms of generic blocking.
To avoid this type of attack, Symantec recommends companies to limit users' privileges, and monitor outbound traffic. It also suggests companies to quarantine all the attachments for six to 12 hours, which will give the antivirus vendors the time to catch up with new threats.
Microsoft has committed to come up with a fix earliest by June 13, which still hackers a lot of time to hit vulnerable targets.
Related Links
Discussion Board
(21) Comments
Irfan
,Karachi, on Sep 15, 2006 10:47 AM
Report abuse
Hetal Shah
,Bhopal, MP, India, on Sep 13, 2006 11:45 AM
patknutsford
,knutsford, on May 30, 2006 03:40 PM
Anonymous
,Timbuktu, on May 24, 2006 03:22 AM
Paul
,NC, on May 23, 2006 05:06 PM
Russ Frank
,Newark, on May 23, 2006 06:06 PM
Russ Frank
,Newark, on May 23, 2006 06:03 PM
Sally Cerciello
,La Jolla, on May 23, 2006 04:45 AM
Bill
,Seatle, on May 22, 2006 09:33 PM
Louise Weizer
,macedonia ohio, on May 22, 2006 04:49 PM
FLaNte
,California, on May 22, 2006 09:27 PM
Graham
,Southampton UK, on May 22, 2006 09:16 PM
Dad
,Providence, on May 22, 2006 09:06 PM
Francis Manns,
,Toronto, on May 22, 2006 08:19 PM
John Taylor
,Savannah, on May 22, 2006 07:15 PM
Anonymous
,Houston, on May 22, 2006 02:51 PM
Opinion Poll
- Which desktop web browser do you use?
-
Internet Explorer
Firefox
Chrome
Safari
Opera
Other (specify in comments)
Poll Results View Previous Polls