Troj/DocOSXDr-B

Category: Viruses and Spyware
Protection available since: 14 Feb 2013 12:41:52 (GMT)
Type: Trojan
Last Updated: 14 Feb 2013 12:41:52 (GMT)
Prevalence: Small Number of Reports


Troj/DocOSXDr-B is a deliberately malformed Word file that exploits the MS09-027 vulnerability (CVE-2009-0563). Opening a file of this sort in an unpatched version of Office for Mac allows an attacker to trick your Mac into running embedded malicious code. Usually, this embedded code is used to install additional malware without producing any of the warning dialogs you would expect. (This is known as a "drive-by" install.)

Vulnerable Mac software includes:

Microsoft Office 2004 for Mac
Microsoft Office 2008 for Mac
Open XML File Format Converter for Mac

You can check whether your Microsoft Office for Mac is patched by choosing the "Check for updates" option in the Help menu of any of the programs in the Office suite.

Malware seen in the wild that is known to have been distributed by Word files of this sort includes OSX/Agent-AADL.

Examples of Troj/DocOSXDr-B include:

Example 1

File Information

Size: 149K
SHA-1: a7413ae0008dba53817502b64c4c3554cdcaeeab
MD5: 14c3ffeb7eca1fd42a4d161faabbb8bd
CRC-32: 39abbcf2
File type: Microsoft Word 95 to 2003
First seen: 2013-02-13

Example 2

File Information

Size: 158K
SHA-1: e774c0a73be42bbc4af850cf47e7e608dcfd9466
MD5: fbe399bf714184ed7fea313f36a86514
CRC-32: 9fe8e26c
File type: Microsoft Word 95 to 2003
First seen: 2013-02-13