New MS Word Torjan with various file size found

Information about TROJ_MDROPPER.BO Trojan horse is available. It exploits 0-day vulnerability in Microsoft Word. At time of writing it is not known if this is totally new 0-day vulnerability or vulnerability described at FAQ document blogs.securiteam.com/?p=586, but many things state this as new zero-day issue.

Reportedly initial samples were received on Sep 8, 2006; i.e. today.

There are three delivery mechanism used:
* spammed as email
* dropped by other malware
* hosted at malicious Web sites

An embedded .EXE file frops a new malware with backdoor functionality.

The size of malware reportedly varies and this related malware write-up doesn’t include information about Word version 2000.

I believe that this week we have a totally new vulnerability in Word, however.

Update #17:30 UTC: Trend has updated related advisory to include the following information: …undetermined vulnerability in Microsoft Word…
There is no information about update and revision history doesn’t include it.

Share