|
|
|
Microsoft Confirms New Word Zero-Day Attack
By: Ryan Naraine
2006-09-05
Article Rating: / 1
There are 0 user comments on this Network Security & Hardware story.
Malicious attackers are exploiting a new, undocumented flaw in Word 2000 to load back-door Trojans on Windows machines.Theres another Microsoft Word zero-day attack under way.
Microsoft on Sept. 5 confirmed that malicious attackers are exploiting a new, undocumented flaw in Word 2000 to load back-door Trojans on Windows machines.
The acknowledgment follows a warning from anti-virus vendor Symantec that the threat was detected in the wild targeting Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003 and Windows XP systems.
A spokesman for Microsoft said the Redmond, Wash., vendors security response team has investigated the report and concluded that the attack is limited to users of Word 2000. "[We are aware of] an attack scenario that involves malware known as Win32/Wordjmp and Win32/Mofeir," the spokesman said, adding that definition updates have been rolled out to the companys free Windows Live OneCare safety scanner for detection and removal.
Security alerts aggregator Secunia rates the flaw as "extremely critical" and urged Word users to avoid opening Word documents from untrusted sources.
 Microsoft advises: Use Microsoft Word in safe mode. Click here to read more.
The FrSIRT vulnerability research team described the bug as a "memory corruption error" that occurs when Word 2000 handles a malformed document. "[This] could be exploited by attackers to execute arbitrary commands by tricking a user into opening a specially crafted Word document," FrSIRT said in a published advisory.
Symantec said its virus hunters intercepted a double-barreled attack that comes with a Trojan dropper and a back-door worm. The dropper, identified as Trojan.Mdropper.Q, is used to distribute two pieces of malware—clipbook.exe and clipbook.dll—on the infected system.
The two files are linked to Backdoor.Femo, a Trojan horse with process injection capabilities.
The back door listens for the commands from a remote attacker and could be used to access the Windows command shell, run executable files, delete/create files and folders, or download additional files from the Internet.
The latest attack follows similar exploits targeting unpatched flaws in Microsoft Office programs. Since July, there have been separate zero-day attacks using specially rigged Word, Excel and PowerPoint files.
In 2005, Microsoft shipped patches for five flaws affecting all versions of Office. In the first eight months of 2006, that number skyrocketed to 24.
Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
|
|
�������xr80�VӮc�*dK.kʲ<u35���ẵ��XOod��"�|�l 4@40,Ps�g�D-DV�,72*-"�Ӂc
�!1�k8�%T尚>5-huD<ݖ<#Xw؞!>.�$f�.6ߟD�Q�M'�vqO-zly�z/f�۱2˭�]6֯U�^�q7v=<&sz5j�x���Kr.�}{�
�G_�Rqut[dQ5m9e}�:s�46eú;B�$W�+Jrb�E����=t�<˴&Ne,k8ӷwFysR)(vuq!>�,ݾ��6�Nk9�Cnt�|l^^�[�r -
�:Fw�?+�Q�"*b.w2��A1z�ju{� i�+%�PK%_iv�$��1\ӣH0�ВF^8RAb9m5O{
Ҽ5ooZ&5.NoZs$�IJ3<�RIӀ�H�Z�zf�!=ޛ�%mѹ
i4?Κ]$O%t:!(Ptn~R|]mUk_{}K'_ǩE�[CY�Cm0MϑBER3o�~itzdC�3d6w&ˍ^$�\L�%ͫ�ę>uܱܻ��ţJf0ê�y>!%�[�)"
k��h:3�f{5ժJ2�E Շ7}��S�Is9�j�\K=0�Aa)#p?�݅I
�pJq�䠊3\ذ�6�,%��^iJH{�g8�� �=hq,C]�dN��'o�#.��iè `Q%5�.�
'��!8Q$Jus3p{@e!g黠fiU(�YWb.2=+]�Λއft;W�>n]�8%gk�,$]ezr�c\\�wW�R�ۭE
3_>CA*'�EL@�J�n!S[�ö@�3&ԇt-?{Ƿs@!0h�
v ~ҡ9V�mǾ�#<2h:m�5څ$�
47P}HG:aI�$�Xx]
c�_��)H_�bH=Sͪ��*z tn��9��Jmǃ&7?6�
{
K`p���&{�hk
-D4��#`��Vz��<���2+?k>�f}(:O�}QH{�|`@=S9nZ@c@\:��Kod˵�AK��M #RS >��I#r���*��B),`@n�!� P�䎄ЋB>��
l�Ba !KgB᱐G=7 �>*%�qR�Sٜ�(,%1M&_
X�* #�"0�9X����
?4gj
h��%�sZ!m�0*gu8�u/#JAQ���R×�U^?�w:L��ҲG�}��4]�C?"�f�'ބ.c~XKpoFaB?>fѦ)M&��-͇j�|��S�Rԝ{01�E�M$k6q/l}j�0[l6g��ΔA� ��Df_w����3�njr�9YsH��$ך^rdp? �X(�n^ßf�1�����_NwW.Y� �3DXVHdFa!f!
=f lPȬ�T s^AYg䖅⑦_1aYX�wXOڠ��ťHL)m�tѸ+8ECW4jE;�R4E֊fSXؼp@�r6�zeXZ�@-ĿU�I
,7�X5oQ�V0R&���4�)�I�ܚaY�lct�zx:Jq_%Mf}h]߱}�tq;1Se?uo�md2l�MJ'V)|rcܱ��M���(�PJ$l%I*9{�=Z�J�\:"�gtñ'mЙ� )!�"$4(>A�XXvThjYL��.�"=��@(���K��Ō�ұ�ә�ʢ{\]SvԻ>Q:oM��V P�8pD30ڠLzi-6!&��1��]�ɰXPr�~���l"�zd\s˰0X.@rFe9�A�u\/HR �H۴>��KMv���u׳ӐPR@��B^Nu���5GANvQ5B
7�.B@ŁǨ,pu�LT���glQIB(@�u�cD
V0� �.c"==;3$t`n�̂/S"X
8h��� Bs
�LΧREXB���v1��v1UEP=)o�M�ewuy0Ě߰|�VT#RB�s�]?7�2[!*�*7}o�;t&)ʹ\�ݎ�I^-J8YAp�{�o*(S(i�5}g4�'8>d�}sX�̝R*}zK]W�>3AW��ά���+�۟0F�O��%Lp�2HUޙ�y`#'8@�zU0�eESU[�+;ߟ?�F����M���C\4�|�`���5 �pf�nUQ=K+j9['�BN�.x;Z6G};
!��$rѹe=Qd'��V!Ppj-�u:w=[\3
Q�|5?bʏQ�05.�2*J9kkjTyFP֫W-"�fdbD�Gs�8bC�5�\#��fo | :Rn{ޜ�9"zfnހWIl��Ԋ)L6{[JϮVU07>�Y�L\l�[t3
x8&sozZ7t_�(6<�窚߀"���h��&Z>)[}!}5\��9vܘy5DX/{�~zUM+ĺǒ5dDfbNg�µ�φ5#�;�k7sPUSyr=/W
eP56u�2�\� r�Oun>�2e�e�#_�?�M]�[LGzɖ0
Pgh'� ��ٸn�~jAy̧�#\�fJE�f�6�4�\D"pL�ƍnp�؉v/�W#j'ٮ\S�kJA)�su�EZ!*�c�^.4}Д��Re�ɼ7)��Z�C�C+�p�fbF:}l;_*|)<+�E)[EXqm1_,�̉go3X唲Z<1lz�
�ta6v!FU426HE!I{uO(syj�rR�x
v\u�9-ҶC
��l⊖v�~ـ+τkwx|�A�:�4j>jR`2���Ov�\_Iў�|2d:
��5C+njBcej�`�3K?�-8Ҵm�+6nfD}��P�a}d҇q'�$˴9I-?�O��
��0wA�*}7*\E�Iv�쩦n�ל�� ?ar_n�Vׇ} >(J$3�b^ 5`RT̜| 0�i!�3��"GpD�2ɼ�'�xE@o83A������6B�s9~[6E�5a�Php|
^/�H�HD��BB-J-4�n7<[.Wd�7����uuؾpxt�~�%����l�l=rI�~��jg�^Ѝ ?��PX2"s_E^)OF4M}Iv1��¼zO{�;Vչ:|B.w�0@?|/�f�Y\00C�>KF_ǤpB`MUCjTc0K!{��g5> ���`i0Fjx}B]ڮ�>bjS/zѺz'2y/p`��BANi�8ͻ֕xIsٹNe)[�uE�s=BN�AHֻc���zW!z.lFS�Ltk7d81'gjeXc?$Ø�/�6Q}�i�:�B[KѼĂ.K^ל8�"r�\3 n,q� ۯ`M�9 ^aY�,$2!)��w�ʖtz}}��E9����,��{B�:�hu/I9S�D;����`M+Щ
#~_RB�I"Q6#=.#�ķFsSDǗY'?0��(:K7o1�?Oů1O&�8��~�P6=8̫rh縍zRt.�IQ?xH�ؾluާ&�}tz?!IZ�:g�ōW�7 r�E
P1!CJ T5��6zӎ'>s�fx!u,8hq�%ќ|̥8�BٹGK�k--�̐s$S �a�C %m$Nj�f�k��C@$_IIv(+6H'dA�r�c��}gy����'��;[
V�H�_8_`D HY�)=y�bBb%ťh0%W&B|c��xr�)fHg}B,"V�ZaUR)Il3Mt:"-Ȓ���p
~ a�h;eƫ��P|f�e�yEB�3^�ݾM�M64�8tic�?!W�_7~w�b6a~%e$H~!RС{%|$^�*�\+GAl�f#'䬉~+ѫv<|]*-h�:[�_Hu(�>H�OKr4�M1fn��dLc!I ɪ:%7=o5ʜ9%++xt42a��ӂQ/�o�f��(f`.�!zeТ166knQ35Ӈ�T|u'�^q�.E~(dR=n
�.oCZ�tGq�WG��nƲ�x/J)F)�n.e�U@O�K4�{[[|�Q{tH���{9X#60�NñآW3էG=|n1G�?G5�ȥ�<.ZW�7B!E�V֣~]s�ի�R�Ld@�@��qd;h�l|�wgLll���4!R"ШdMr�ln8H�W
�;�6N(�
ֱ��VاU�1�W�D�;�ެ1!I[3촍w��_wcTQF<�)2_l�YR|
� \��A՞
�\�N��^5fʸ��hE9$͖�hOL!_��
2�6,�2d]�~rZRQKJE>�
>̑��*NCt6u!Ig/;`tX{Yx/yHy|���aX p/�,p9xT7�VhG&�vgTqS����
:�f��ЖTBn�uw��cѰ§S_�_ZN)>�_��XX��gď1xX۞PҞﮮwC��oi0�L�ɍȜ�Ie�CO�̻QR;d><9Y8k3'dGMi³.�`'Zw>�S^G�.odHN{̉���zBEe�>F[W#H}�͉M�N�z _TC*AW7AgW�5 _8�RY!�ҪжT(�TT�NAgqsÃc%�&B�EOtf�Oo,3
�Hf\;/Ŝ5�gAr;nT|)ڔ�xX�xJH^��{;xrQZȟ7 �J%�;Av8T(B�|i"6�\cHok.V�L�0Mè'�u D(a6TP;ZR¡
p՞Q8t�f�/#G=|yf>R!E�`O ^@oxZ
\ݮ��{Ll&A
@kN�e�AŤ�R0!�P^٠H�]�us̲1Aˈ�JG;$Д[hNC_HZZdb�O�dP���c��$�@z#@�%H8ĥ؉Aw?hv4%�Z��W/?8\Z|X{�,X�^O٥tҊv�{A� KCKO-:t�f�B잯R̶vκ�$E%>�)1ѵ�stn���Ӭ�=qZ ���A��*i�頿;[ʼnVڕ@/N TF��L'5�gc�,GـEGf�: ���8lYD�/z��_kWh3��^b$G��0ӻ3sJMo�Rb,,9H�?�$!�%OFC%_迸+�`k-k4̺�
">kTo^��5UE�KJD0� yȩ=$j$[zqYyJ
+`w�t8N&8"�yP%�`y�)U%�wrzX)Q_gA
�+a4e�
�Sq"��~�) |i$^2��W=ZCKE�s43P��FÀ�i/��yy�tY9L*<ް#w��C6Ci#"�\��TFX5
IRc.مR�d�NSMc['�8�8?�8;��p�!aݦ
}U2�||՞
bG̽i~l5o�F4U�tM]vYHRw;;!ڱLo"+|�y�DŽ@�5��@��x
ߙXzIz 4^�ʎiJ<7mݲ�-R���<\�apf VR_ʸ�ȣ��$�L`��3QΈy 0<ԞU|GzUt5m�(ݹ=�EP
bzm�� �'�h
i�N-3�v�-f�{?Jo9c_*Z�T����k`}X�̈'AQ�W`�Y�msi-4,)+a^�W,Z^K/XHyﱉ�͞Gb�~u}�2L�@04�QY#6Dy
jHg�c9O`
8eYc@��=b��ᚃ���
z3݅^9CztDG}D��sW
$ ��Ӗ
ƫ^]NB)3ik[�8�$OY@�[r72o=Mv�ۤ#(hMVH ~ % �98xJ�!T7\m�r|�d�w�=
33&Nd§_EDjH9G
es�^ܨ�WQIFRߨ��,�̚A_E5* I���RoQ'Z_0�n��PAftv'D)L3�jgT*�T0k�Lںp���䭽qؽd�_?�?>��!ә|�H
jv`�<8�&ɨ�Q?(q�+'[7@9>r����.��_�3D�8a+E�k)G>ş�Z�WȟKXŢW\;�gvD�]ְhc��N4�#n�I@ro�Bq}~�r,�?���};KD-q��vR|@Yn�2=�06v�1h=(CZP�Z�p��+Ud]�I�sp0RG59x��+��~GMHZ��c@�_��^�a)~c�A5ˊ>^π� "�KCj8<%y3�NukA$>'FS��h�R�nhcl9�yj%\ly(.I^:)Ȣv�i=^^@ֳ��ӧ3}&5"L6P:QV6'�f\::B�@�W����x��Üϫp��:}>4UԈ�qc*�~�o�3=�q,ok=,*bSm�3]MpVR9w|��%O�k%W0�OEn�lx*��KGVxMB;{t;�Q����̊XJst4��f��{=~yLfR��a��w�'L�v>_K�_�ݰ�VI my$7��[�$~ZƮ̄H`1%3V��:5oH�%jv/^���\3Gym"����)�<�S]ܝ��=ΐip�8;:�~��6ľ�مyE*�d;s?wK�Y�\v���f+��jw}ٛ�0>��q6Б`5"'r)!H~{gToJEɡ�#uB~���́
lnZ]��A�れF ��<"m
�o]lĘ[v��
�5"t�|TVmDS�(��P�0mÚ�1f;ŸTG�ۏsGcu�9%�o݀%P`�W|83nj\J,
|>3ag@@i?htM\���"@I��>S�РhP؞_c?pm2�Ʀ\I0\�6|XL?q@�9�0<(�[�]ĝ?]�wى_}o*��惩c$�\d�_���9p:�H�g��@w#:ǜz9s!aR;8U/総IL�q�X\~DB(6s��Vr�c�}
56ú~61
Of�A�Cb�p)4fLWtVjI)�_�s]��j!v^M�}rܴf�oH; Z�+IɩK����Iː�;�
Y7
x:�u�1&}_`D'r!ur~lM\e�Qa]k��|lWsN;OgO筫M몇A\8QR_[e(�L{6{Y��n2=eNq(E1B,rؗ4x)�e�^/�*U9Sœ0k.`Jd
-!j�bc>�}acL h4]-�[Q��,�G>;eQٜ3g"uxԢ/p{@a�^�jQe
p�!Bvͳ�\53@bE%eJ{H�?@:Pj=%�靔t�LI?瀟�Ki�asE+ShmNo52V#%�Ji�gZW)VJw3ݔOis%L�]2>m;mN�m
i
o
N6g;>GR�?_@EJ? �)mHo^�U
\]_�Ii�O'Et@tR5u
}\C7@?7)ӅwS߅wS�__�>GH�ҿ)۴t�oS�M\'I)�S~�S�ӔBvB/"ȋ%৴tXB]W =E��HO�Xi:)Zeu
L)/�)^�}FN*Y�_W�KM0TtӖKT7cTo)i:Hv�B__0�qL�w%,ߕYnƊ6sL�qϜ%OWihM_�B�ӧ3�ܧ.Hc=h60�.Ő�3[ʼn?|�k2�ى?@�>��q]4s�n��xk�2%=
CG0�U�75io[~t^<\sϬMEf�l�NA6K�I\dlߥx;�ߚƄ,zX
���HH\��.�n�=A+Ko�gU6>ܴzW߭�Ҽ_=Vs�~Ue_,�US
!Pa0
ݤ�p=s礏3�M�
�wC-Ѽ�~78]p֘�؉�Ǝ3�
P�
D�*�״ZjT(�3'?�'7du���zD�b�3jJ]�,ՊJ/�L��3DA�G���]{J��,�;fȣT���{�u+^J�!%\B�G�taUıW0F�dy5K as8aokh;|�#�?@�(s�T;X^F�$�l��B�����gMϛcUkg¥�*6&&n�wu�o��ɑ;S}}�ӄ{Ìb >���hգ9Dq��|<,i$`�LNW�H[O\��.LeUzyt;[18��,^bٴp3`XC�Mk'l�ylb)ub�rق2��E'_M#̓~D=f�I��L-q{IJ��BE��}ǡ!je:p^Qq@1Z<3{Z\�Tч�ee}�nH��UΧj2�:��ж��U7`m�-I�U`�oAVn�f?Y~��r@]Pa߂g�`�cwD
.��ZoYE
pWa+e?6MPxOl3
h�w:E~�d�ȩH��ly�H�ϳ�j�)+gt-(�9x0{~�6�,ӛ�~HǶQ
�_a[P~OY��3KbA4\i�n2;6E�i#�|��@{m�t*=}
Xc�
0,:059-q�얢u���nDl!a�AСn-/D9�@�b��{�;pSr46
�i��Q�p]dؗE'o��d�o{';u^�|dڗa=r����c�c6ngFb��:2�fOŀ��nۦ_q�x��F|�/�pc��Rɸ{m� y�2 !yyuvҕ�AࢸɍIF`:`^d++)ؐ�:�2���k�0bG���1,���Qn7=Na�F*)Au�a%�o�*�{Ap^7�e���S|"[8.glL�x\vn"3t㎧|jHAF�yiAQ�y:7f����]�ջxF?0�}\}.l4GF�T����VUbN$7~hEѓ�e=U.kIEɗs;]j{v�ۙ�fٱNi8PU>ɜK�RUk85WYf
gSߥT%F�ھ �wm&l�2)v}m-c6�]-k��>I�BW)��
|
Network Security & Hardware 
