Don't click! Malware loads after you open infected Word document.

Microsoft Word users should be extra careful about the files they download because hackers are exploiting an unpatched vulnerability in the Word software.

McAfee warned users of a new Trojan horse program, called BackDoor-CKB!cfaae1e6, that secretly installs software on a computer. However For this program to work, hackers must first trick users into opening a malicious Word document.

When the word doc attachment is opened, it exploits a previously unknown vulnerability in Microsoft Word and infects a fully patched Windows system. The exploit functioned as a dropper, extracting and launching a Trojan that immediately overwrites the original Word document with a "clean," uninfected copy.

"As a result of the exploit, Word crashes, informs the user of a problem, and offers to attempt to re-open the file. If the user agrees, the new 'clean' file is opened without incident," the ISC explained.

The ISC said the attack was traced to the Far East, with domains and IP addresses associated with the Trojan registered in China and Taiwan. "The [attack] e-mails received originated from a server in that region. The attackers appear to be aware that they have been 'outed,' and have been routinely changing the IP address associated with the URL above," the Storm Center said.

SANS has published a number of tips on how to avoid this type of attack. The security training organization recommends that companies limit users' privileges and monitor outbound traffic. It also suggests that companies think about quarantining all attachments for six to 12 hours in order to give the antivirus vendors time to catch up with new threats.

Source: PCWRLD
Send to a friend | Permalink | Del.icio.us | Go To Top
Translate: