Friday, May 19, 2006

e-Mail Attacks Target Unpatched Word Hole

Paul Roberts writes on InfoWorld:

Antivirus companies and the SANS Internet Storm Center (ISC) issued a warning Friday about sophisticated e-mail attacks that are using a previously unknown hole in Microsoft Word to infiltrate corporate networks.

On Friday, Symantec raised its Internet threat rating, citing confirmation of attacks using an unknown hole in Microsoft Word were being used to compromise computers on the Internet. The warning came as monitors at ISC detailed "limited targeted attacks," originating from China and Taiwan, against an unnamed company that used Word attachments to install Trojan horse programs on corporate networks.

More here.

Update: From the F-Secure "News from the Lab" blog:

Internet Storm Center reported about a new zero-day Word vulnerbility being used. We have received a sample, and it indeed is a document attempts to exploit a vulnerability in Word, in order to drop and execute a binary file that downloads a backdoor.

Both the shellcode used in the exploit as well as the binary part in the document are encoded, in order to hide them.

More details about the backdoor is available at the W32/Ginwui.A.

0 Comments:

Post a Comment

<< Home