Troj/DocOSXDr-A

Category: Viruses and Spyware
Protection available since: 28 Mar 2012 20:55:23 (GMT)
Type: Trojan
Last Updated: 29 Nov 2013 05:52:38 (GMT)
Prevalence: Small Number of Reports

Troj/DocOSXDr-A is a deliberately malformed Word file that exploits the MS09-027 vulnerability (CVE-2009-0563). Opening a file of this sort in an unpatched version of Office for Mac allows an attacker to trick your Mac into running embedded malicious code. Usually, this embedded code is used to install additional malware without producing any of the warning dialogs you would expect. (This is known as a "drive-by" install.)

Vulnerable Mac software includes:

  • Microsoft Office 2004 for Mac
  • Microsoft Office 2008 for Mac
  • Open XML File Format Converter for Mac


You can check whether your Microsoft Office for Mac is patched by choosing the "Check for updates" option in the Help menu of any of the programs in the Office suite.

Malware seen in the wild that is known to have been distributed by Word files of this sort includes OSX/Bckdr-RLG and OSX/Sabpab-A.

Examples of Troj/DocOSXDr-A include:

Example 1

File Information

Size: 94K
SHA-1: 80665f89589fa7b81f1315f37ec2fd369474b02c
MD5: 0888bfba56cff355598c637d63cce09d
CRC-32: 366935d0
File type: application/octet-stream
First seen: 2012-03-03

Example 2

File Information

Size: 84K
SHA-1: 8c6216fb5b9ca5919be803ffc72cbea281f85574
MD5: 429258da07b4375b04b8b144ed65c45a
CRC-32: 9db7d989
File type: Microsoft Word 95 to 2003
First seen: 2013-01-30

Example 3

File Information

Size: 215K
SHA-1: c18478517db77d34dfe4f42fd04688f23d04b60a
MD5: c024e159a96f3292915b257070fc3325
CRC-32: d8d5fe5a
File type: application/octet-stream
First seen: 2012-04-16

Other vendor detection

Kaspersky: Exploit.MSWord.CVE-2009-0563.a
