MS Word zero-day attack video

Summary: What does a targeted Microsoft Word zero-day attack look like? A quick flicker when the .doc is opened is sometimes the only thing you'll see.


Symantec's security response team has created a video of a targeted Microsoft Word zero-day attack in action, showing how it's near impossible to know if you've fallen victim to sophisticated spear phishers.

 

The vulnerability is exploited with no crash of MS Word, but within a few seconds the shellcode drops an executable and opens a clean legitimate document (with some real content) that deceives the user. The only thing that "smart" users can notice is a kind of "flickering" of MS Word. This is because the malicious code has to terminate and then re-execute the MS Word application with the new clean .DOC. This "flickering" happens very quickly.

 

This video shows an attack against MS Word 2000, confirmed as zero-day by Microsoft, and exploited by a Trojan dropper that checks the infected system for Internet connectivity and opens a backdoor that gives the attacker full control of the machine.

Since December 2006, there have been confirmed reports of at least five unpatched MS Word flaws being exploited in these types of attacks.
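The "flicker" described above (Word drops an executable, terminates, and is relaunched on a clean document within seconds) can be looked for in endpoint process and file telemetry. The sketch below is an added example, not code from Symantec or from this article; the event tuple layout, the sample events, the file extensions and the 5-second window are all constructed assumptions.

```python
from datetime import datetime, timedelta

EXEC_EXT = (".exe", ".dll", ".scr")  # assumed set of "executable" extensions

# Constructed telemetry: (timestamp, event, image, pid, target path).
EVENTS = [
    ("2007-02-01T09:00:00", "proc_start", "WINWORD.EXE", 1200, r"C:\Mail\invoice.doc"),
    ("2007-02-01T09:00:02", "file_write", "WINWORD.EXE", 1200, r"C:\Temp\svch.exe"),
    ("2007-02-01T09:00:03", "proc_exit", "WINWORD.EXE", 1200, ""),
    ("2007-02-01T09:00:04", "proc_start", "WINWORD.EXE", 1388, r"C:\Temp\invoice.doc"),
    ("2007-02-01T10:00:00", "proc_start", "WINWORD.EXE", 2000, r"C:\Docs\notes.doc"),
    ("2007-02-01T10:30:00", "proc_exit", "WINWORD.EXE", 2000, ""),
    ("2007-02-01T10:45:00", "proc_start", "WINWORD.EXE", 2100, r"C:\Docs\plan.doc"),
]

def find_flicker(events, window=timedelta(seconds=5)):
    """Flag Word sessions that wrote an executable, exited, and were
    followed by a new Word process within `window`."""
    sessions = {}     # pid -> document opened and executables written
    last_exit = None  # (exit time, session data) of the most recent Word exit
    alerts = []
    for ts, kind, image, pid, target in sorted(events):
        if image.upper() != "WINWORD.EXE":
            continue
        when = datetime.fromisoformat(ts)
        if kind == "proc_start":
            if last_exit and when - last_exit[0] <= window and last_exit[1]["dropped"]:
                alerts.append({
                    "opened": last_exit[1]["doc"],
                    "dropped": last_exit[1]["dropped"],
                    "reopened": target,
                    "gap_seconds": (when - last_exit[0]).total_seconds(),
                })
            sessions[pid] = {"doc": target, "dropped": []}
        elif kind == "file_write" and pid in sessions:
            if target.lower().endswith(EXEC_EXT):
                sessions[pid]["dropped"].append(target)
        elif kind == "proc_exit" and pid in sessions:
            last_exit = (when, sessions.pop(pid))
    return alerts

if __name__ == "__main__":
    for alert in find_flicker(EVENTS):
        print(alert)
```

An ordinary close and reopen of Word does not match, because the rule requires an executable written by the first Word process before it exits.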

Topics: Microsoft, Security, Software

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
