Troj/DocOSXDr-B is a deliberately malformed Word file that exploits the MS09-027 vulnerability (CVE-2009-0563). Opening a file of this sort in an unpatched version of Office for Mac allows an attacker to trick your Mac into running embedded malicious code. Usually, this embedded code is used to install additional malware without producing any of the warning dialogs you would expect. (This is known as a "drive-by" install.)
Vulnerable Mac software includes:
- Microsoft Office 2004 for Mac
- Microsoft Office 2008 for Mac
- Open XML File Format Converter for Mac
You can check whether your Microsoft Office for Mac is patched by choosing the "Check for updates" option in the Help menu of any of the programs in the Office suite.
Malware seen in the wild that is known to have been distributed by Word files of this sort includes OSX/Agent-AADL.
Examples of Troj/DocOSXDr-B include:
Example 1
File Information
- Size: 149K
- SHA-1: a7413ae0008dba53817502b64c4c3554cdcaeeab
- MD5: 14c3ffeb7eca1fd42a4d161faabbb8bd
- CRC-32: 39abbcf2
- File type: Microsoft Word 95 to 2003
- First seen: 2013-02-13
Example 2
File Information
- Size: 158K
- SHA-1: e774c0a73be42bbc4af850cf47e7e608dcfd9466
- MD5: fbe399bf714184ed7fea313f36a86514
- CRC-32: 9fe8e26c
- File type: Microsoft Word 95 to 2003
- First seen: 2013-02-13