Rigged Word docs exploit 2008 bug, say researchers
- 24 April, 2009 08:02
- Comments
Attackers, probably based in China, are exploiting a December bug in Microsoft Word to hijack Windows PCs, Vietnamese security researchers warned Thursday.
According to Nguyen Minh Duc, manager of Hanoi-based Bach Khoa Internetwork Security's (BKIS) application security department, rigged Word documents have begun to circulate as e-mail attachments. The malformed .doc files exploit one of the eight Word flaws fixed by Microsoft in December 2008 as part of the company's biggest patch batch in five years.
The holes in Word 2000, 2003 and 2007 for Windows, and Word 2004 and 2008 for the Mac were plugged by the MS08-072 update.
When a malicious Word document is opened, the attack code executes successfully on machines with an unpatched copy of Word 2003. "If other Word versions are used in the computer, they are only crashed without any malicious code execution," Nguyen said in an e-mail. The malware drops a Trojan keylogger on the compromised computer to steal information, such as usernames and passwords.
BKIS suspected Chinese hackers were behind the exploit. "It is connected to a server with the domain name '8800.org' registered in China to receive commands," Nguyen said. "In the malicious e-mail, we also found charset="gb2312, [which] is Chinese charset."
Attacks exploiting vulnerabilities in Microsoft's Office applications are common. In February, Microsoft's security team acknowledged hackers were targeting an unpatched bug in Excel, then earlier this month issued a similar warning about PowerPoint, the suite's presentation maker.
Microsoft patched the Excel bug last week as part of its regularly-scheduled monthly security update.
Support for Word 2003, the version BKIS said is vulnerable to the new attack, shifted into what's called "extended" mode last week. Microsoft will continue to provide security updates for the application until April 8, 2014, but will no longer offer free non-security fixes.
- Bookmark this page
- Share this article
- Got more on this story? Email TechWorld
- Follow TechWorld on twitter
- Microsoft issues mammoth security update, biggest in five years
- Microsoft Security Bulletin MS08-072 - Critical: Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173)
- Attackers exploit unpatched Excel vulnerability
- Attackers exploit critical PowerPoint vulnerability
- Microsoft patches 'insane' number of bugs
- Microsoft to limit Office 2003 support
- Improving Storage Efficiencies with Data Deduplication and Compression
- Case Study: NZ Bus Develops Applications 60% Faster, Improves Database Performance by up to 35%
- CSO Security Buyers Guide 2011
- Securing Vital Infrastructure
- Case Study: BNP Paribas Deploys Oracle Exadata to Accelerate Information Processing - The Hardware Perspective
-
Dymocks taps Android for e-book, tablet move
-
Droid Razr Maxx: An Android smartphone for big talkers
-
Lenovo ordered to pay €1920 for making French laptop buyer pay for Windows too
-
Wikileaks suspect to face US court-martial
-
Wikileaks suspect to face US court-martial
-
Office 2007 for Dummies
-
Windows 7 for Dummies®
-
Teach Yourself Visually Windows 7
-
Office 2007 All-In-One Desk Reference for Dummies
-
Computers for Seniors for Dummies, 2nd Edition
-
Excel 2007 All-In-One Desk Reference for Dummies
-
Windows 7 for Seniors for Dummies®
-
Microsoft Office
-
MYOB Software for Dummies 6E Australian Edition
Get exclusive access to Techworld news, reports & analysis. 
Comments
Post new comment