Post by Admin on May 25, 2006 19:10:11 GMT 7
New zero-day exploit out for Microsoft Office Word. Please update your antivirus signatures.
Here's a summary of it from TechRepublic:
"This is a new threat; so far it hasn't resulted in widespread attacks. According to News.com, the initial attack targeted a Japanese government office.
By design, the attack appears as if it's an internal memo, and antivirus software doesn't catch it. According to Symantec, the attack can bypass spam filters.
Symantec has designated the Trojan Backdoor.Ginwui, and it has designated the Word 2003 document Trojan.Mdropper.H. The company has listed the details of a registry edit that can reportedly remove the Trojan Backdoor.Ginwui. See the Symantec report for details because this may change with new developments.
The payload of the Word attachment appears to be a Trojan, but few details are available at this time. Opening the e-mail attachment displays a message, but it also opens a backdoor in the background, which then pings an IP address in Asia.
Opening the attachment in Word 2003 installs the Trojan. But in Word 2000, the attachment causes the program to crash instead, and it doesn't run the payload.
So far, this is a very targeted attack. However, as attackers learn how to exploit the new vulnerability, expect to see more widespread use of the threat—at least until Microsoft's next Patch Tuesday, scheduled for June 13.
Other than opening all e-mails in Word 2000 to see which ones crash the system, all you can do to protect users is to warn them to be especially vigilant about opening unexpected Word attachments to e-mails."
Faizul