New trojan attacks unpatched Word vulnerability

Word users threatened

22 May 2006 14:31 GMT / By Stuart Miles

Hackers have found and are exploiting an unpatched vulnerability in Microsoft Word 2000, Word XP and Word 2003 that will allow a third party access to the computer affected.

Symantec Security Response discovered a new zero-day vulnerability and exploit affecting Microsoft Word 2003 that is being leveraged to carry out targeted attacks.

Successful exploitation of the vulnerability allows the attacker to drop a backdoor Trojan named Backdoor.Ginwui on the victim’s machine.

The Trojan then sends information over HTTP to a specific IP address; however, it is possible for the attacker to leverage the Trojan to gain control of the affected machine and carry out additional attacks.

In order for the attack to be carried out, a user must first open a malicious Word document attached to an email or otherwise provided to them by an attacker.

The Trojan horse however does not make a copy of the virus or spread through the Internet like other viruses; it is directly distributed.

Vincent Weafer, senior director, Symantec Security Response, said that the targeted attack can bypass spam filters, and that Symantec's antivirus software is not as yet capable of detecting the particular Word file that is malicious. Symantec is looking at the vulnerability in terms of generic blocking.

To avoid this type of attack, Symantec recommends companies to limit users' privileges, and monitor outbound traffic. It also suggests companies to quarantine all the attachments for 6 to 12 hours, which will give the antivirus vendors the time to catch up with new threats.

Microsoft has committed to come up with a fix earliest by June 13, which still gives hackers a lot of time to hit vulnerable targets.