Attackers Use Another ‘Word Flaw’ To Plant Trojan

As the monthly security updates for Tuesday approaches, Microsoft Corp is worried about an additional problem: 'Word Flaws'.

On December 10, 2006, the software vendor confirmed that online miscreants were e-mailing malicious Word attachments to victims. While these attacks have not spread far and wide, they are damaging because if the victim opens the attachment, it could allow the attacker to run unauthorized software on his/ her computer.

According to Scott Deacon of the 'Microsoft Security Response Center' (MSRC), the latest flaw has no relation with the vulnerability found on December 5, 2006. Deacon wrote on the MSRC 'blog' that the initial reports and investigations confirm that the new flaw is under limited and target-based exploitation. A successful attack requiring the user to open a Word document attached to an infected e-mail or download a Word file from a malicious website could totally compromise the computer.

Security provider 'Secunia' has rated this newest Word flaw as "extremely critical". Explaining the cause of such rating, it said on December 11, 2006 that the flaw was un-patched and also malicious attackers were exploiting it. In an advisory, Secunia said that attackers used the opportunity when an unspecified error occurred in the processing of a Word document.

Both the exploited vulnerabilities are found in 'Word 2000', 'Word 2002', 'Word 2003', 'Microsoft Word Viewer 2003', 'Word 2004' for Mac, and 'Word 2004 v. X' for Mac. They also affect 'Works 2004', '2005' and '2006' because they offer Word among their other items.

Microsoft reported the attacks using this vulnerability were conducted on a very limited and targeted basis. This means the attack was neither widespread nor spreading haphazardly.

McAfee reported that it is aware of attackers who install password-stealing Trojan horse "PWS-Agent.g" with the help of the 'Word exploit'. The Trojan captures passwords from 'Internet Explorer', 'Firefox', and 'POP3 e-mail clients'.

Owing to these attacks, Microsoft advises users to refrain from opening or saving Word files that they receive from unknown sources. It similarly applies for Word attachments coming via e-mails, unexpectedly from trusted sources. This is important till, at least, Microsoft releases patches for the flaws.

Related article: Attackers Exploited UPS Name to Spread Trojan

» SPAMfighter News - 12/15/2006