X
Tech
Home Tech Security

Symantec intercepts Microsoft Word exploit

Just 24 hours after Microsoft shipped a patch for a critical vulnerability affecting Microsoft Word, researchers at Symantec say they have intercepted a malicious Word .doc rigged with a backdoor Trojan.
Written by Ryan Naraine, Contributor
Symantec intercepts Microsoft Word exploit
Just 24 hours after Microsoft shipped a patch for a critical vulnerability affecting Microsoft Word, researchers at Symantec say they have intercepted a malicious Word .doc rigged with a backdoor Trojan.

The malicious document exploits the workspace memory corruption remote code execution flaw patched in the MS07-060 and signals a renewed push by malware authors to release exploits immediately after Patch Tuesday.

Symantec researcher Orla Cox noted that exploitation of these types of vulnerabilities are very targeted -- aimed at specific companies -- and limited in nature.

In the Patch Tuesday bulletin, Microsoft confirmed that the flaw was being exploited in the wild.

In this instance, the rigged file is named "hope see again.doc" and arrives via e-mail. When the document is opened on an unpatched machine, the exploit drops a Trojan that uses rootkit techniques to avoid detection. The Trojan may also disable security software and programs.

To avoid suspicion, it also creates and opens a clean Word .doc written in Chinese with the same file name.

Symantec warns that the end result is a backdoor on the compromised computer that connects to a Chinese Web site on TCP port 80.

Editorial standards
Show Comments

Related

Linus Torvalds and Dirk Hohndel, Open Source Summit North America 2024

Linus Torvalds takes on evil developers, hardware errors and 'hilarious' AI hype

penguin holding an apple on Sonoma background

6 features I wish MacOS would copy from Linux

Placeholder product image alt text

The best AI image generators to try right now