Get Visual Studio 2010 Beta 2

New Trojan Targets Microsoft Word

New Trojan Targets Microsoft Word

Techtree News Staff, May 22, 2006 1351 hrs IST

Now Microsoft Word users need to be extra careful while downloading files, as hackers have already targeted Microsoft Word 2003...

E-Mail Print

Now Microsoft Word users need to be extra careful while downloading files, as hackers have already targeted Microsoft Word 2003 exploiting zero-day vulnerabilities with a new Trojan horse named "Trojan.Mdropper.H".

Symantec, the leading desktop security vendor, has issued an alert on its home page regarding the vulnerability, asking users to be extra careful while opening any Word document received either by email or any other means. According to Symantec, opening an email attachment which appears to be a Word document actually opens the latest Trojan horse virus program, giving hackers access to users' PCs. When the document is opened by users, it triggers the vulnerability.

According to Symantec the attack originated in Asia, and now it appears that the attacks are targeted at large organizations but there could be a change in strategy.

Johannes Ullrish, chief technical officer, SANS Internet Storm Center, said that the attackers behind the latest Trojan horse might be operating out of China or Taiwan. The researchers have found Chinese characters in the malicious Word document, and the servers associated with the attack have been traced back to these countries.
The seriousness of the attack has been compounded by Microsoft's declaration that the company might require over three weeks to fix the vulnerability.

A Trojan horse does not make a copy of the virus or spread through the Internet like other viruses; it is directly distributed - often in the guise of useful and attractive downloads.

Vincent Weafer, senior director, Symantec Security Response, said that the targeted attack can bypass spam filters, and that Symantec's antivirus software is not as yet capable of detecting the particular Word file that is malicious. Symantec is looking at the vulnerability in terms of generic blocking.

To avoid this type of attack, Symantec recommends companies to limit users' privileges, and monitor outbound traffic. It also suggests companies to quarantine all the attachments for six to 12 hours, which will give the antivirus vendors the time to catch up with new threats.

Microsoft has committed to come up with a fix earliest by June 13, which still hackers a lot of time to hit vulnerable targets.

(All fields are mandatory.)

Text Limit = 255 Characters

Type the characters you see in the picture below.

#

Characters are not case sensitive.



USER COMMENTS

i am facing a virus problem. My word file was corrupted and i am seeing a garbage of it.so please give me solution.

by Irfan, Karachi, on Sep 15, 2006 10:47 AM, Report abuse   Reply

I need help on Microsoft Access 2003. Can I do Text to Column in Access 2003

by Hetal Shah, Bhopal, MP, India, on Sep 13, 2006 11:45 AM, Report abuse   Reply

I changed to winAntiViruspro 2006 recently and have found it far superior ro Norton.Works great

by patknutsford, knutsford, on May 30, 2006 03:40 PM, Report abuse   Reply

Why are there people who sit around and create viruses? How does it help anybody?

by Anonymous, Timbuktu, on May 24, 2006 03:22 AM, Report abuse   Reply

Helps a lot to AV (Antivirus) product companies!!

by Jack, JAckVille, on May 24, 2006 11:49 AM, Report abuse

7 months I've run XP SP2 without a single spyware or virus. I run NO MS apps on this box.

by Paul, NC, on May 23, 2006 05:06 PM, Report abuse   Reply

".. run XP SP2 .." I'm pretty sure Microsoft Windows is a product of Microsoft.

by Russ Frank, Newark, on May 23, 2006 06:06 PM, Report abuse

"Trojan.Mdropper.H" sounds like a Trojan dropper, not a Trojan Horse. Biiig difference.

by Russ Frank, Newark, on May 23, 2006 06:03 PM, Report abuse   Reply

it's missing more than 1 word.

by Mike Gosse, ont, on May 23, 2006 10:03 AM, Report abuse   Reply

I got this trojan early Saturday Morning....Quarantined it with Norton...Then deleted the quarantine....Hope my computer is o.k.

by Sally Cerciello, La Jolla, on May 23, 2006 04:45 AM, Report abuse   Reply

salaam kia haal hai aap ka sar ji kahan ho aap ?

by atta sakib, multan, on May 23, 2006 03:27 AM, Report abuse   Reply

The last sentence in this article is missing a word.

by Richard W. Youn, CT., on May 23, 2006 02:15 AM, Report abuse   Reply

Just image how many computers will stay unpatched due to microsft's anti-piracy programs that limit updates to legitimate buyers. Good for MS to make $$, bad for the rest of us who will deal with the growing legions of zombie armies "sanctioned" by Microsoft. Solution? Ditch Word, try openoffice!

by Bill, Seatle, on May 22, 2006 09:33 PM, Report abuse   Reply

what do I do if I already have been infected by the trojan horse, and mcafee says it cannot clean or delete it.

by Louise Weizer, macedonia ohio, on May 22, 2006 04:49 PM, Report abuse   Reply

You might be able to do a system restore on that I'm not so sure though you might have to disable it and delete it manually if it will let you

by FLaNte, California, on May 22, 2006 09:27 PM, Report abuse

Has McAfee commented about this. I have never liked Norton antiVirus. I know of a dozen friends and family who's computers have crashed with Norton. I use McAfee and have had no trouble. I have run into about 6 or7 trojans and McAfee gets 'em every time..

by Graham, Southampton UK, on May 22, 2006 09:16 PM, Report abuse   Reply

Time to back up. Remember to preserve your file and back them up with a cd rom disc

by Dad, Providence, on May 22, 2006 09:06 PM, Report abuse   Reply

I've got W32.Myzor.FK@yf and McAfee is not responding. This one is a fraud that links to spyware removal service that seem to be in collusion with the hackers.

by Francis Manns, , Toronto, on May 22, 2006 08:19 PM, Report abuse   Reply

I have a Word Doc on my computer desktop titled Jokes where I copy/paste jokes sent from my E-mail friends. When I did an update / scan with my Norton system, I noticed that it had identified that I had a Jokes.exe virus. Could this have been done by this Word-virus? By the way, I deleted it as I should have and ran another scan to ensure it's removal.

by John Taylor, Savannah, on May 22, 2006 07:15 PM, Report abuse   Reply

Ranjan, Should we restrict all email be retrieved via big daddy for today?

by Anonymous, Houston, on May 22, 2006 02:51 PM, Report abuse   Reply

'already targeted Microsoft Word 2003' - this version of Word has been around for quite a while - I think I loaded mine at the end of 2004 !!!!

by Chris Dart, Maastricht, NL, on May 22, 2006 02:33 PM, Report abuse   Reply

HOT STUFF

visual_studio
Try Visual Studio 2010 Beta 2 Now

Sauerbraten
Top 5 cameras under Rs. 10,000

Sauerbraten
Build a High-end Gaming PC

Sauerbraten
Entry-level PC for about 20K

Sauerbraten
Mid-range Gaming PC for about 35K

Sauerbraten
Mobile Phone Buyers' Guide