Microsoft Investigates Word 2000 Trojan

Microsoft said it has launched an investigation
into reports of a new Trojan horse targeting Word 2000.

While
security vendors differ on the possible severity, the news has
awakened the software giant.

“Microsoft is investigating new public reports of limited ‘zero-day’
attacks using a vulnerability in Microsoft Word 2000,” according to a
Wednesday security advisory.

Potentially, Windows users could open a specially crafted Word file
enabling a hacker to corrupt system memory and execute “arbitrary
code,” according to Microsoft.

However, Microsoft said any attacks require users to either open a
malicious Word file or visit a Web site with a malformed Word file.

To avoid the vulnerability, Microsoft suggested Word 2000 users do
not open files from un-trusted sources and use Word Viewer 2003 to
view files.

The company also said it had updated its Windows Live
OneCare safety scanner to seek out and destroy any software
exploiting the flaw.

Once the investigation is complete, Microsoft could provide a
security update through usual monthly releases or offer an out-of-cycle update, according to a statement.

Two major security vendors say exploits are now appearing that use
the flaw to implant a Trojan horse, creating a backdoor into Windows
systems.

Both McAfee and Symantec rated the risk as low.

Symantec, which has named the exploit “Trojan.Mdropper.Q,” told users
on its Web site the exploit hasn’t spread beyond two sites and any
damage is still low.

Competitor McAfee agreed, ranking what it labels
the “W32/Mofei.worm” as low risk for both home and corporate users.

Bucking the belief that Windows users are at low risk from the Word
2000 flaw, security firm Secunia announced the problem was “extremely
critical,” according to an online advisory.

“Anyone could with this exploit convince nine out of 10 to open a
malicious Office document and thereby compromise the client system
and bypass the corporate perimeter defense systems,” Thomas
Kristensen, CTO of the Denmark-based Secunia, told internetnews.com.

He said Microsoft should patch the flaw as soon as possible.

A similar Trojan targeting Word 2002 and Word 2003 surfaced in May.

The “Trojan.Mdropper.H” exploit appeared to come from hackers
in China attacking computers used by military contractors, as
internetnews.com reported at the time.

Symantec, which at times has been at odds with Microsoft’s push into the security marketplace, on its Web site earlier this week called Microsoft Office “a great platform for social engineering and e-mail-based attacks.”

The breadth of Office’s user base, along with Office documents, makes the
software an ideal vehicle for malicious hackers, according to Symantec.

However, issuing a patch is sometimes not enough to prevent an attack by
Trojan software, which Microsoft found out the hard way.

Last month, the company released a patch for what
it deemed a “critical” security hole in Windows. A week later
exploits were discovered targeting unpatched
computers.

The threat was enough to prompt the U.S. government to
urge users to apply the Microsoft fix.

News Around the Web