Microsoft Word Hit by Trojans Attack

According to some security organizations, a new unpatched bug in Microsoft Word 2000 is actively being broken by attackers. Symantec`s researchers had analyzed a sample of the in-the-wild attack and confirmed that it worked against a fully-patched edition of Office 2000.

Symantec said in an alert to customers of its DeepSight threat system: "Although we have not been able to develop other versions of Office with this specific sample, others may be affected by the vulnerability". When the malicious document attached to the attacker`s e-mail message is being opened, a Trojan horse drops another file onto the computer, which (actually another Trojan) drops yet another file, this time a backdoor component which leaves the machine open to additional attacks.

Symantec senior engineer Hon Lau said on the company`s blog: "Microsoft Office vulnerabilities are a great platform for social engineering- and e-mail based attacks,". "Enterprises, small businesses, and consumers continue to share and exchange information using Microsoft Office documents. As most of these document types are generally allowed to pass through most firewalls and security solutions, Microsoft Office documents are good vehicle for hiding executable malicious code."

                                 

Related News: