Press Releases

Browse our press release archive

22 May 2006

Trojan horse exploits zero day Microsoft Word vulnerability

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have advised companies to exercise care over which Word documents their users open, following the discovery of a Trojan horse that exploits an unpatched Word vulnerability.

The Troj/Oscor-B Trojan horse (also known as Ginwui.A) exploits a zero day vulnerability in Microsoft Word, allowing it to infect computers when infected Word documents are opened.

The Trojan horse has not been distributed widely, and appears to have been used by the hackers to target a specific organization. However, if information about how to exploit the Word vulnerability falls into the public domain Sophos warns that more attacks could emerge.

The document causes Microsoft Word to crash, and writes malicious code to the hard drive.

"In the past Word was often subject to attacks via macro viruses written in scripting language, but this isn't a macro virus attack. This zero day Trojan horse relies upon a specially crafted Word document which causes Microsoft Word to crash and write malicious code to the user's hard drive and registry," said Graham Cluley, senior technology consultant for Sophos. "This threat underlines the responsibility of every computer user to exercise caution about which files they choose to run and open on their computer."

Microsoft has published information about the vulnerability in an advisory on its website.

"Once a PC has been infected by a backdoor Trojan, hackers can gain access to the computer to spy, to steal, to plant further malicious software, or to launch spam and/or denial-of-service attacks. Many eyes will now be looking to Microsoft, to see how quickly they can release a critical security fix for Microsoft Word," continued Cluley.

Sophos has been protecting against the Troj/Oscor-B Trojan horse dropped by the Microsoft Word file since 15:09 GMT, Friday 19 May, but warns that hackers could exploit the Word vulnerability to spread new Trojan horses.

Sophos recommends companies put in place a consolidated solution to defend against viruses, spyware and spam, and ensure that it is automatically updated as new threats emerge.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at