MessageLabs uncovers new Microsoft Word Vulnerability
by Stan Beer   
Wednesday, 13 December 2006
MessageLabs' proactive heuristic anti-virus engine, Skeptic, detected and stopped a new targeted email attack that exploited a new, previously unknown Microsoft Word vulnerability. The attack was different from previous attacks stopped by MessageLabs and did not match the techniques used by previously identified targeted-attack senders.

The attack used a new, previously unknown and unannounced zero-day vulnerability in Microsoft Word. Although the attack itself lasted only four seconds and consisted of three copies of the same malware sent to very specific people in high-profile organisations, undetected copies could compromise the security of the targeted organisations. The attack appears to be designed to access confidential information through the victim's computer.

In this instance, the attack emails originated from a Yahoo email account which the attacker, unusually, accessed through webmail over a mobile-device CDMA link to further hide his identity.

The content of the emails focused on current issues in Iran and questions around its nuclear program, and was tailored to the recipients so that it would appear trustworthy. The email contained an attachment called "Rapid Response issues.doc", which contained the malware exploiting the new, unannounced zero-day Word vulnerability.

When the document is opened, the exploit causes MS Word to drop an executable file, run it and exit. That executable in turn drops another, clean Word document with a name similar to the original file, plus a second executable file. The dropped clean Word document is then opened; it does contain some text about the political situation around Iran, so the recipient is led to think that nothing unusual has happened.

Meanwhile, the second dropped executable is launched by the dropper. It then remains resident in memory and performs a number of malicious actions, including waiting for remote commands sent to another email address, checking a particular web address (possibly for updates or for retrieving remote commands) and gathering information about the system it runs on. Once specific information about the system has been collected, it is sent to a particular email address.
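The chain described above (Word spawning an executable, which then re-opens Word on a similarly named decoy document) is the kind of parent/child process pattern an endpoint or SIEM rule can catch regardless of which exploit triggered it. The following is an added illustration written for this article, not code from MessageLabs or iTWire: it runs two such rules over a constructed, hypothetical process-creation log. The log format, the allowlist entry and the dropped-executable name are all assumptions; the page does not name the real dropper.

```python
import re
from dataclasses import dataclass
from difflib import SequenceMatcher

# Constructed sample of process-creation events in a hypothetical
# "time|parent_image|child_image|command_line" format (not real logs).
# The dropped executable name is a placeholder; the page does not give one.
SAMPLE_EVENTS = r"""
10:41:02|explorer.exe|WINWORD.EXE|winword.exe "C:\Users\alice\Downloads\Rapid Response issues.doc"
10:41:06|WINWORD.EXE|PLACEHOLDER_dropped.exe|C:\Users\alice\AppData\Local\Temp\PLACEHOLDER_dropped.exe
10:41:07|PLACEHOLDER_dropped.exe|WINWORD.EXE|winword.exe "C:\Users\alice\AppData\Local\Temp\Rapid Response issue.doc"
10:42:00|explorer.exe|WINWORD.EXE|winword.exe "C:\Users\alice\Documents\minutes.doc"
10:42:10|WINWORD.EXE|splwow64.exe|C:\Windows\splwow64.exe 12288
"""

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
# Assumption: splwow64.exe is a print helper that 32-bit Office legitimately
# spawns on 64-bit Windows; tune this allowlist to your own environment.
BENIGN_OFFICE_CHILDREN = {"splwow64.exe"}
DOC_IN_CMDLINE = re.compile(r'"([^"]+\.docx?)"', re.IGNORECASE)


@dataclass
class ProcessEvent:
    time: str
    parent: str
    child: str
    command_line: str


def parse_events(text):
    """Parse the pipe-separated sample format into ProcessEvent records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        time, parent, child, cmd = line.split("|", 3)
        events.append(ProcessEvent(time, parent.lower(), child.lower(), cmd))
    return events


def document_name(command_line):
    """Lower-cased basename of a quoted .doc/.docx path in a command line, or None."""
    m = DOC_IN_CMDLINE.search(command_line)
    if not m:
        return None
    return m.group(1).replace("\\", "/").rsplit("/", 1)[-1].lower()


def detect_dropper_chain(events):
    """Flag (1) an Office process launching a non-allowlisted executable and
    (2) that executable re-launching Office on a document whose name resembles
    the one the user originally opened (the decoy step).
    Returns a list of (time, rule, detail) tuples."""
    findings = []
    spawned_by_office = set()
    original_doc = None
    for ev in events:
        doc = document_name(ev.command_line)
        if ev.child in OFFICE_APPS and ev.parent not in spawned_by_office:
            original_doc = doc or original_doc  # user-initiated open
        elif ev.parent in OFFICE_APPS and ev.child not in (OFFICE_APPS | BENIGN_OFFICE_CHILDREN):
            spawned_by_office.add(ev.child)
            findings.append((ev.time, "office-spawned-executable",
                             f"{ev.parent} -> {ev.child}"))
        elif ev.parent in spawned_by_office and ev.child in OFFICE_APPS:
            similarity = (SequenceMatcher(None, original_doc, doc).ratio()
                          if original_doc and doc else 0.0)
            findings.append((ev.time, "decoy-document-reopen",
                             f"{doc} (name similarity to {original_doc}: {similarity:.2f})"))
    return findings


if __name__ == "__main__":
    for finding in detect_dropper_chain(parse_events(SAMPLE_EVENTS)):
        print(*finding, sep="  ")
```

The second rule matters because the first one on its own fires on benign helpers too; correlating the Office-spawned child with a subsequent re-open of a near-duplicate document name is what distinguishes the decoy trick from ordinary printing or add-in activity. The later, ordinary open of minutes.doc and the print helper are deliberately included so the rules can be seen not to fire on them.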

According to MessageLabs, this particular attack does not fit any of the known patterns, and is likely to be from a new group of criminals entering the field of electronic industrial espionage.
