Monday, May 22, 2006

Trojan hits unpatched Microsoft Word flaw

Security experts have detected a virus that exploits an unpatched vulnerability in Microsoft Word.

The flaw was exploited in at least one targeted attack against a corporation where several individuals received an email with an attached document.

The email's sender information was spoofed to make it look like the message came from inside the organisation.

On opening the document, the user's system is infected by a Trojan that uses a rootkit to hide itself. It then starts collecting information about the system and contacts an internet address outside the company.

Researchers traced the attack to China and Taiwan. "Due to the aggravating circumstances we want to make sure the community is aware of this problem as soon as possible," said a note posted on the Sans Internet Storm Center website.

Microsoft confirmed the vulnerability in a blog posting, saying that the flaw affects Word XP and Word 2003.

Stephen Toulouse, a programme manager at Microsoft, said that the company is working on a patch that is scheduled to be released on 13 June, or sooner if warranted.

Security vendor McAfee labelled the Trojan BackDoor-CKB!cfaae1e6 and rated it low risk.

The malware is noteworthy, however, because it exploits a previously unknown flaw in Word.

Because the Trojan is being used in highly targeted attacks, it allows the attacker to stay off the antivirus vendors' radars.

Original story from

No comments: