Troj/DocOSXDr-A is a deliberately malformed Word file that exploits the MS09-027 vulnerability (CVE-2009-0563). Opening a file of this sort in an unpatched version of Office for Mac allows an attacker to trick your Mac into running embedded malicious code. Usually, this embedded code is used to install additional malware without producing any of the warning dialogs you would expect. (This is known as a "drive-by" install.)
Vulnerable Mac software includes:
- Microsoft Office 2004 for Mac
- Microsoft Office 2008 for Mac
- Open XML File Format Converter for Mac
You can check whether your Microsoft Office for Mac is patched by choosing the "Check for updates" option in the Help menu of any of the programs in the Office suite.
Malware seen in the wild that is known to have been distributed by Word files of this sort includes OSX/Bckdr-RLG and OSX/Sabpab-A.
Examples of Troj/DocOSXDr-A include:
Example 1
File Information
- Size: 156K
- SHA-1: 445959611bc2480357057664bb597c803a349386
- MD5: f4cbfe4f2ddf3f599984cf6d01c1b781
- CRC-32: 4e76f78f
- File type: application/octet-stream
- First seen: 2012-03-28
Example 2
File Information
- Size: 93K
- SHA-1: 2f0ec568ce1623e3b9fe9381876f95e7b2bc1771
- MD5: a9ee45670c36f42a7d86de19b2242a42
- CRC-32: 153a2f55
- File type: application/octet-stream
- First seen: 2012-03-28
Example 3
File Information
- Size: 93K
- SHA-1: 54f74e061d8f255e5b6a929676b6622d79bbf769
- MD5: 0e442e51e93ec1e80982ceaac06d838f
- CRC-32: f28c8048
- File type: application/octet-stream
- First seen: 2012-03-28