Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis centers, have advised
companies to exercise care over which Word documents their users
open, following the discovery of a Trojan horse that exploits an
unpatched Word vulnerability.
The Troj/Oscor-B Trojan horse
(also known as Ginwui.A) exploits a zero-day vulnerability in
Microsoft Word, allowing it to infect computers when infected Word
documents are opened.
The Trojan horse has not been distributed widely, and appears to
have been used by the hackers to target a specific organization.
However, if information about how to exploit the Word vulnerability
falls into the public domain, Sophos warns that more attacks could
emerge.
The document causes Microsoft Word to crash,
and writes malicious code to the hard drive.
"In the past Word was often subject to attacks via macro viruses
written in scripting language, but this isn't a macro virus attack.
This zero day Trojan horse relies upon a specially crafted Word
document which causes Microsoft Word to crash and write malicious
code to the user's hard drive and registry," said Graham Cluley, senior
technology consultant for Sophos. "This threat underlines the
responsibility of every computer user to exercise caution about
which files they choose to run and open on their computer."
Microsoft has published information about the vulnerability in
an advisory on its website.
"Once a PC has been infected by a backdoor Trojan, hackers can
gain access to the computer to spy, to steal, to plant further
malicious software, or to launch spam and/or denial-of-service
attacks. Many eyes will now be looking to Microsoft, to see how
quickly they can release a critical security fix for Microsoft
Word," continued Cluley.
Sophos has been protecting against the Troj/Oscor-B Trojan horse
dropped by the Microsoft Word file since 15:09 GMT, Friday 19 May,
but warns that hackers could exploit the Word vulnerability to
spread new Trojan horses.
Sophos recommends companies put in place a consolidated solution to defend against viruses,
spyware and spam, and ensure that it is automatically updated as
new threats emerge.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.