BKIS - Attackers Exploit 2008 Word Flaw to Take Over Computers

According to a warning from security investigators at Vietnam's BKIS (Bach Khoa International Security), hackers (possibly belonging to China) are exploiting a Microsoft Word loophole, discovered in December 2008, to compromise Windows computers.

Nguyen Minh Duc, Manager of BKIS based in Hanoi, states that rigged Word files from application security cell have started to make the rounds as e-mail attachments, as reported by PCWorld on April 24, 2009. The maliciously formed .doc files, according Minh Duc, exploit one security flaw in Word among a bunch of eight that Microsoft patched in December 2008 within the company's largest patch bundle in 5 years.

The report also reveals that the MS08-072 update fixed the bugs in Word 2007, 2003 and 2000 for Windows as well as in Word 2008 and 2004 for Mac.

Security researchers have said that on opening a malevolent Word file, the exploit runs successfully on systems with an unpatched Word 2003. Subsequently, the file plants a keylogger Trojan on the hijacked PC to capture usernames and passwords.

Nevertheless, according to Nguyen, if the PC were loaded with other versions of Word, they would collapse even without the execution of malevolent software.

Meanwhile, BKIS suspects that the Chinese hackers are using the particular attack code that obeys the commands from a server identified with the '8800.org' domain name registered in China. The malevolent e-mail, according to researchers, also has the Chinese charset="gb2312.

It is common to have attacks that exploit flaws in Microsoft Office programs, comment security experts. During February 2009, Microsoft admitted that hackers were attacking an exposed flaw in Excel, while in April it again warned that MS Office's PowerPoint was being similarly targeted.

Thus, Microsoft application users are advised to update their software with the latest versions, enable firewalls as well as deploy anti-spyware and antivirus to protect themselves from malicious attacks.

Meanwhile, Microsoft said it has information of only targeted and limited attacks exploiting the particular bug while it assured of protecting customers through appropriate action.

Additionally, SANS Institute advised users against using Word documents arriving from unreliable sources or similar unexpected documents from known sources.

Related article: Bugs Swell In Browsers in 2006

» SPAMfighter News - 5/5/2009