kcredden
May 20th, 2006, 02:19 PM
Zero Day MS Word flaw in the wild.
Symantec Corp (publishers of Norton Anti-virus) has issued an alert to a flaw in Microsoft Word, that will allow attackers to compromise your computer.
The malware is contained in a MS Word file attachemment, on an e-mail. If opened, it will display some text dealing with a treaty that Japan has with China. But this is a ruse, the software installs a backdoor on your system. Then it alerts the author or authors that this system is now avaiable for use.
This malware has been confirmed to affect Word 2000, but only causes a crash. Word 2003 however is what this software needs to give your system a backdoor.
So far, this particular attack has been used as a targeted company attack. But with the exploit out, crackers are probably writing code for a more general attack.
Symantic has said, this exploit bypasses spam filters, and their own anti-virus has been confirmed to not detect this yet They are working on a fix soon.
Microsoft has said that a fix to this flaw, will be avaible June 13 They are suggesting caution to any e-mail with Word attachments.
Glossary:
Zero-day flaw: Flaws for which no patch exists, it's known to the cracker community, and code is being developed, or is known to be out to exploit it.
Backdoor software Basically a unknown piece of software, that allows access into a persons or company's computer.
Symantec Corp (publishers of Norton Anti-virus) has issued an alert to a flaw in Microsoft Word, that will allow attackers to compromise your computer.
The malware is contained in a MS Word file attachemment, on an e-mail. If opened, it will display some text dealing with a treaty that Japan has with China. But this is a ruse, the software installs a backdoor on your system. Then it alerts the author or authors that this system is now avaiable for use.
This malware has been confirmed to affect Word 2000, but only causes a crash. Word 2003 however is what this software needs to give your system a backdoor.
So far, this particular attack has been used as a targeted company attack. But with the exploit out, crackers are probably writing code for a more general attack.
Symantic has said, this exploit bypasses spam filters, and their own anti-virus has been confirmed to not detect this yet They are working on a fix soon.
Microsoft has said that a fix to this flaw, will be avaible June 13 They are suggesting caution to any e-mail with Word attachments.
Glossary:
Zero-day flaw: Flaws for which no patch exists, it's known to the cracker community, and code is being developed, or is known to be out to exploit it.
Backdoor software Basically a unknown piece of software, that allows access into a persons or company's computer.