New Microsoft Word Vulnerability in the Wild

Security researchers have discovered a zero-day vulnerability in Microsoft Word, which is already being actively exploited by hackers in China and Taiwan. Microsoft’s Security Response Center says it is working with antivirus vendors to prevent attacks and plans to release a security patch on June 13. The exploit  spreads as a Word document attached to an e-mail. Users who open the attachment with Word XP and Word 2003 are then infected with a Trojan that contains rootkit-like features in order to hide itself from antivirus scanners. The attack is successful against the newest version, Word 2003, but only crashes Word 2000 and Word XP, without leading to a computer compromise. The attack, which Symantec dubbed “Trojan.Mdropper.H,” begins with an e-mail that offers an attached file that appears to be a Word document. Opening the document lets the Trojan execute; it then drops another piece of malware, “Backdoor.Ginwui,” onto the PC, which installs a rootkit to hide itself, opens a channel to a hacker Web site and then waits for instructions, said Symantec. According to analysis done by Symantec, the Ginwui backdoor gathers system information, gives the attacker access to the command shell, and takes and transmits screenshots, perhaps with the goal of grabbing images of financial usernames and passwords. We would think the screenshots would only reveal passwords as asteriks, but maybe the developer had some other method in mind! As always, upgrade your antivirus software to the latest virus definitions to be safe from this and other viruses and trojans. If you don’t have an antivirus, you can download free AVG or get a 30-day trial copy of NOD32.