Symantec intercepts Microsoft Word exploit

Summary: Just 24 hours after Microsoft shipped a patch for a critical vulnerability affecting Microsoft Word, researchers at Symantec say they have intercepted a malicious Word .doc rigged with a backdoor Trojan.

The malicious document exploits the workspace memory corruption remote code execution flaw patched in MS07-060 and signals a renewed push by malware authors to release exploits immediately after Patch Tuesday.

Symantec researcher Orla Cox noted that exploitation of these types of vulnerabilities is very targeted -- aimed at specific companies -- and limited in nature.

In the Patch Tuesday bulletin, Microsoft confirmed that the flaw was being exploited in the wild.

In this instance, the rigged file is named "hope see again.doc" and arrives via e-mail. When the document is opened on an unpatched machine, the exploit drops a Trojan that uses rootkit techniques to avoid detection. The Trojan may also disable security software and programs.

To avoid suspicion, it also creates and opens a clean Word .doc written in Chinese with the same file name.

Symantec warns that the end result is a backdoor on the compromised computer that connects to a Chinese Web site on TCP port 80.

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
