Menu
 Home
 Local News    
 Global News
 Technical & Product News
 Opinions
 Contact Us
 Subscribe/Unsubscribe
 
 Publications
 ICT World
 Cable Talk
 Computing S.A.
 Network World
 The Channel
 IT users handbook
 
 Sponsors
 ICT World Company Directory
 
 Partners
 CareerJunction
 Johnnic Mag Division
 
 Privacy Policy
 Privacy Policy
 
   
   

Back-door worm targets vulnerability in Microsoft Word

Date: 08 September 2006
Issue: Two hundred and two (4/9/06 - 8/9/06)
(ICT World)
Category: Technical & Product News
A new variant of a Trojan Downloader is actively exploiting a recently found vulnerability in Microsoft Word 2000, claims MicroWorld Technologies. The malware infection is said to be caused when the victim opens an infected Word 2000 file in Windows 2000.


The flaw is associated with a forced Memory Corruption error in the text editing software. A Trojan Dropper named 'Win32.Mdropper' exploits this vulnerability when users download and open a specially crafted Word file carrying this malware, and proceeds to drop 'Worm.Mofeir', a network worm with back-door capabilities.

Worm.Mofeir then opens a back door channel to contact the remote attacker. Using the back door, the intruder can open a terminal access to the system, download code from the Internet and run, send and delete files.

Almost everybody uses Microsoft Word and it is one of the most widely exchanged file types in the form of e-mail attachments since the early days of the Internet, points out Dinesh Shah, product manager at MicroWorld Technologies. Most anti-Virus products consider Word files to be harmless, and hence the hack will be hugely rewarding for the malware writer if he can inject the malicious code into a Word document, and initiate a multi-layered onslaught there on.

Shah says there was a similar attack in May this year, by a back-door worm named GinwuiA via MS Word files, and, more recently another one called Win32.Papi that found its way to user computers through Japanese text editing application Ichitaro. He urges computer users not to open MS Word files from unknown senders, until Microsoft releases a patch for the flaw, as there may be fresher attacks targeting it.