Rigged Word docs exploit 2008 bug, say researchers

23. April 2009
Attackers, probably based in China, are exploiting a December bug in Microsoft Word to hijack Windows PCs, Vietnamese security researchers warned Thursday.

According to Nguyen Minh Duc, manager of Hanoi-based Bach Khoa Internetwork SecuritySecurity's (BKIS) application security department, rigged Word documents have begun to circulate as e-mail attachments. The malformed .doc files exploit one of the eight Word flaws fixed by MicrosoftMicrosoft in December 2008 as part of the company's . Alles zu Microsoft auf CIO.de Alles zu Security auf CIO.de

The holes in Word 2000, 2003 and 2007 for Windows, and Word 2004 and 2008 for the Mac were plugged by the update.

When a malicious Word document is opened, the attack code executes successfully on machines with an unpatched copy of Word 2003. "If other Word versions are used in the computer, they are only crashed without any malicious code execution," Nguyen said in an e-mail. The malware drops a Trojan keylogger on the compromised computer to steal information, such as usernames and passwords.

BKIS suspected Chinese hackers were behind the exploit. "It is connected to a server with the domain name '8800.org' registered in China to receive commands," Nguyen said. "In the malicious e-mail, we also found charset="gb2312, [which] is Chinese charset."

Attacks exploiting vulnerabilities in Microsoft's Office applications are common. In February, Microsoft's security team acknowledged hackers were , then earlier this month issued a , the suite's presentation maker.

Zur Startseite