RealTime IT News

Microsoft Investigates Word 2000 Trojan

Microsoft said it has launched an investigation into reports of a new Trojan horse targeting Word 2000.

While security vendors differ on the possible severity, the news has awakened the software giant.

"Microsoft is investigating new public reports of limited 'zero-day' attacks using a vulnerability in Microsoft Word 2000," according to a Wednesday security advisory.

Potentially, Windows users could open a specially crafted Word file enabling a hacker to corrupt system memory and execute "arbitrary code," according to Microsoft.

However, Microsoft said any attacks require users to either open a malicious Word file or visit a Web site with a malformed Word file.

To avoid the vulnerability, Microsoft suggested Word 2000 users do not open files from un-trusted sources and use Word Viewer 2003 to view files.

The company also said it had updated its Windows Live OneCare safety scanner to seek out and destroy any software exploiting the flaw.

Once the investigation is complete, Microsoft could provide a security update through usual monthly releases or offer an out-of-cycle update, according to a statement.

Two major security vendors say exploits are now appearing that use the flaw to implant a Trojan horse, creating a backdoor into Windows systems.

Both McAfee and Symantec rated the risk as low.

Symantec, which has named the exploit "Trojan.Mdropper.Q," told users on its Web site the exploit hasn't spread beyond two sites and any damage is still low.

Competitor McAfee agreed, ranking what it labels the "W32/Mofei.worm" as low risk for both home and corporate users.

Bucking the belief that Windows users are at low risk from the Word 2000 flaw, security firm Secunia announced the problem was "extremely critical," according to an online advisory.

"Anyone could with this exploit convince nine out of 10 to open a malicious Office document and thereby compromise the client system and bypass the corporate perimeter defense systems," Thomas Kristensen, CTO of the Denmark-based Secunia, told internetnews.com.

He said Microsoft should patch the flaw as soon as possible.

A similar Trojan targeting Word 2002 and Word 2003 surfaced in May.

The "Trojan.Mdropper.H" exploit appeared to come from hackers in China attacking computers used by military contractors, as internetnews.com reported at the time.

Symantec, which at times has been at odds with Microsoft's push into the security marketplace, on its Web site earlier this week called Microsoft Office "a great platform for social engineering and e-mail-based attacks."

The breadth of Office's user base, along with Office documents, makes the software an ideal vehicle for malicious hackers, according to Symantec.

However, issuing a patch is sometimes not enough to prevent an attack by Trojan software, which Microsoft found out the hard way.

Last month, the company released a patch for what it deemed a "critical" security hole in Windows. A week later exploits were discovered targeting unpatched computers.

The threat was enough to prompt the U.S. government to urge users to apply the Microsoft fix.