Sophos

22 May 2006

Trojan horse exploits zero day Microsoft Word vulnerability

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have advised companies to exercise care over which Word documents their users open, following the discovery of a Trojan horse that exploits an unpatched Word vulnerability.

The Troj/Oscor-B Trojan horse (also known as Ginwui.A) exploits a zero day vulnerability in Microsoft Word, allowing it to infect computers when infected Word documents are opened.

The Trojan horse has not been distributed widely, and appears to have been used by the hackers to target a specific organization. However, Sophos warns that more attacks could emerge if information about how to exploit the Word vulnerability falls into the public domain.

The document causes Microsoft Word to crash, and writes malicious code to the hard drive.

"In the past Word was often subject to attacks via macro viruses written in scripting language, but this isn't a macro virus attack. This zero day Trojan horse relies upon a specially crafted Word document which causes Microsoft Word to crash and write malicious code to the user's hard drive and registry," said Graham Cluley, senior technology consultant for Sophos. "This threat underlines the responsibility of every computer user to exercise caution about which files they choose to run and open on their computer."

Microsoft has published information about the vulnerability in an advisory on its website.

"Once a PC has been infected by a backdoor Trojan, hackers can gain access to the computer to spy, to steal, to plant further malicious software, or to launch spam and/or denial-of-service attacks. Many eyes will now be looking to Microsoft, to see how quickly they can release a critical security fix for Microsoft Word," continued Cluley.

Sophos has been protecting against the Troj/Oscor-B Trojan horse dropped by the Microsoft Word file since 15:09 GMT, Friday 19 May, but warns that hackers could exploit the Word vulnerability to spread new Trojan horses.

Sophos recommends companies put in place a consolidated solution to defend against viruses, spyware and spam, and ensure that it is automatically updated as new threats emerge.

About Sophos

Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com
