Alert Raised for MS Word Zero-Day Attack

By Ryan Naraine

A zero-day vulnerability in Microsoft Word is being used in specific, targeted attacks. The flaw is being exploited to deliver a rootkit-type backdoor that does reconnaissance on an infected machine and reports back to a server in China.

A zero-day flaw in the ubiquitous Microsoft Word software program is being used in an active exploit by sophisticated hackers in China and Taiwan, according to warnings from anti-virus researchers.

Symantec's DeepSight Threat Analyst Team has escalated its ThreatCon level after confirming the unpatched vulnerability is being used "against select targets."

The exploit arrives as an ordinary Microsoft Word document attached to an e-mail. When the user opens the document, however, the vulnerability is triggered and drops a backdoor with rootkit features that mask it from anti-virus scanners.

The SANS ISC (Internet Storm Center) said in a diary entry that it received reports of the exploit from an unnamed organization that was targeted. "The e-mail was written to look like an internal e-mail, including signature. It was addressed by name to the intended victim and not detected by the anti-virus software," said Chris Carboni, an ISC incident handler tracking the attack.

When the .doc attachment is opened, it exploits a previously unknown vulnerability in Microsoft Word and infects a fully patched Windows system. The exploit functions as a dropper, extracting and launching a Trojan that immediately overwrites the original Word document with a "clean," uninfected copy.

Read the full story on eWEEK.com: Alert Raised for MS Word Zero-Day Attack

This article was originally published on 2006-05-19