Malevolent RTF Files Drop Trojan Via Abuse of Office Vulnerability

Researchers at Trend Micro the security company state that malevolent Rich Text Format (RTF) files have been detected circulating online that are being used for exploiting a familiar security flaw so cyber-criminals can install malware on people's computers.

RTF, it's worth noting, is a very old design of Microsoft Office documents that Microsoft WordPad and Word of any edition supports.

In the current attack, the RTF-specific attack code, which Trend Micro has detected, aims to strike vulnerability of heap overflow type that impacts all versions of Microsoft Office. The flaw, when abused effectively, enables to execute remote code with the help of malevolent RTF files that install a Trojan. The Trojan, however, conceals itself in the guise of a service that already runs on the infected PC. Trend Micro has dubbed the .RTF attack files -TROJ_ARTIEF.SM.

States the company, the above malicious software inserts code within a process called svchost.exe so that it can connect with a distantly located computer server and take instructions from it. Trend Micro has named this code TROJ_INJECT.ART.

Detailing the malware assault, Threat Response Engineer Karl Dominguez at Trend Micro stated that a more severe problem was that an attacker could hit users' mailboxes with RTF-based e-mails. Since to deal with e-mails, Microsoft Outlook utilized Word, a victim who simply viewed/opened a maliciously crafted e-mail could allow the execution of the remote attack code, Dominguez explained. Trendmicro.com published this on December 15, 2010.

Luckily, Microsoft has already issued a security patch for the flaw, which attackers are exploiting. Thus, Trend Micro asserts that users must deploy the patch that's available within MS10-087, the authorized security bulletin, which Microsoft issued within its Patch Tuesday cycle of November 2010.

Furthermore, it's because of these kinds of assaults that PC Trojan-spewed malware are emerging. PandaLabs the security company within its security report for Q3-2010 emphasized that the most dominant threats were computer Trojans, accounting for 55% of the entire malware attacks from them. Backing this observation, AhnLab a South Korea-based security company outlined in its October 2010 report that of all malware, Trojans were reported as maximum in number at 46.1%.

Related article: Malevolent E-mail Spam Mimics Twitter Template

» SPAMfighter News - 12/27/2010