Microsoft Discloses Word Zero-Day Attack

There is a new Trojan that attempts attack on the popular Word application, warns security companies Symantec and Secunia. Hackers are commandeering the computers by exploiting a fresh un-patched flaw in MS Word.

The attack is called a "zero-day attack" because the exploitation of the flaw began the same day it was announced to the public. The flaw is rated "extremely critical" and follows closely with three other un-patched flaws in Microsoft Word.

While writing on Symantec's Security Response blog, Hon Lau representing Symantec said history has seen many attacks using vulnerabilities related to Microsoft Office during 2006. Therefore, the recent new incidents of threat on the same theme are no surprise.

Like hackers have been increasingly using the method of targeted attacks, so also this time the attack occurs through an infected MS Word document. If a user clicks open the document, a Trojan horse "Trojan.Mdropper.W" gets installed onto the PC, wrote Lau. Other files are also planted by this Trojan on the PC that allows a hacker gain control over it.

Armed with this ability the attacker after successfully hijacking a computer can convert it into a botnet, a PC that delivers hundreds of spam mails to other PCs without either the knowledge or consent of their owners.

Within a very short time of report of the disclosure of the Trojan, Microsoft confirmed the Trojan's malicious activity of penetrating systems through a security hole in Word. Microsoft adds in security advisory 932114 that only the outdated version 2000 of Windows Word is susceptible to the exploit. The recent Windows versions and Word for Mac OS are found to be unaffected. However, those attacks are very limited, says Microsoft.

It is very important for users to maintain caution before opening unsolicited attachments. If a recipient is not absolutely sure he may verify from the sender before clicking on them. It is still not clear if the attack can be successful on Word Viewer as well. There is no known exploit or infected sample made available for public testing. There're chances of mitigating success of the attack by using Word's Safe Mode.

Related article: Microsoft Patches Live OneCare to Tackle Quarantined E-Mails

» SPAMfighter News - 2/1/2007