|
|
|
Microsoft Confirms New Word Zero-Day Attack
By: Ryan Naraine
2006-09-05
Article Rating: / 1
There are 0 user comments on this Network Security & Hardware story.
Malicious attackers are exploiting a new, undocumented flaw in Word 2000 to load back-door Trojans on Windows machines.Theres another Microsoft Word zero-day attack under way.
Microsoft on Sept. 5 confirmed that malicious attackers are exploiting a new, undocumented flaw in Word 2000 to load back-door Trojans on Windows machines.
The acknowledgment follows a warning from anti-virus vendor Symantec that the threat was detected in the wild targeting Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003 and Windows XP systems.
A spokesman for Microsoft said the Redmond, Wash., vendors security response team has investigated the report and concluded that the attack is limited to users of Word 2000. "[We are aware of] an attack scenario that involves malware known as Win32/Wordjmp and Win32/Mofeir," the spokesman said, adding that definition updates have been rolled out to the companys free Windows Live OneCare safety scanner for detection and removal.
Security alerts aggregator Secunia rates the flaw as "extremely critical" and urged Word users to avoid opening Word documents from untrusted sources.
 Microsoft advises: Use Microsoft Word in safe mode. Click here to read more.
The FrSIRT vulnerability research team described the bug as a "memory corruption error" that occurs when Word 2000 handles a malformed document. "[This] could be exploited by attackers to execute arbitrary commands by tricking a user into opening a specially crafted Word document," FrSIRT said in a published advisory.
Symantec said its virus hunters intercepted a double-barreled attack that comes with a Trojan dropper and a back-door worm. The dropper, identified as Trojan.Mdropper.Q, is used to distribute two pieces of malware—clipbook.exe and clipbook.dll—on the infected system.
The two files are linked to Backdoor.Femo, a Trojan horse with process injection capabilities.
The back door listens for the commands from a remote attacker and could be used to access the Windows command shell, run executable files, delete/create files and folders, or download additional files from the Internet.
The latest attack follows similar exploits targeting unpatched flaws in Microsoft Office programs. Since July, there have been separate zero-day attacks using specially rigged Word, Excel and PowerPoint files.
In 2005, Microsoft shipped patches for five flaws affecting all versions of Office. In the first eight months of 2006, that number skyrocketed to 24.
Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
|
|
�������x}r㶲s\@♵M=Ҕlcؖ%פN�!1Erm%'?_v8x��-ٞd6I�
h4��{$sG7L{B.�cnQ?sOG�7郿O$w�}���L9UQ#C3W)92� En�n��Q;^��6 \�H|N� 2wx@D���ʒ)5'Ӡ5ޙ Q}_6g2z9o0�f��E63F�}>Dm@��=E9�J��Dq�DRงGEQ>�߱L㈄-:��;|7*,C'�8ӽi�/Ç
J�8��7�ϛkd�}�=k|�|�-xa+
w-}qH3�Z�Y�'�[zkXy!l�BP�!"B��τ�wG�hA%˙8_I@ؒ�I5h mUr#Өbbx�=�:�wހݑc9��N\^BZ�3ӂ螩[�mɧ9�\��g�ԏ ��YT4u8DrH�n6�tU�yO,ӇwRp�ce[g0m_Ϫ|��sqHf��j�d��1KU
6�)�c �txz`:v-2踞ö�ʲn
g�32Gwy�Ⱥ;RU�P)kJvd�E����m8�eG�2͏Q}/sj.z� �`h�v�du]+h5�u=;yظm � @'Vb��}�"
@D%\.�fI"0h��Mmhd:~�Hs|T㕒~T7jJV�4E;
Kh�1S$!hIcF/XTU!�wbji_Wם^'gם)7bٚX^B�ji@�e$�X�Y3��%mս5i?vN=$O#t6�+?f�'_V[U�li扯 qf{Pe�P{pHj&H�?'OWm2
y$Y-r":_��Cn&J�ݒeL_;D_ˏ�KQ
�%F`XՀ7�? iP2\M8��X@.@ө#еԛ4BjnVӔ�
�)BÌ�:�ܼN�R�$9�PX��T`4�R\� 9b��V��vf�y�M)�I�K2_VJ_[�2jF֧TwIQ��a#{<͈��_��\@�
1
p1SEҭT77s
9t�ipv���^nVVՉ:YXYu�fjZY?iQw9qno-һ^t�0,�n=@E�%���-DCs
PId&3@yOA��dro�m͠~�(wMnP�>h^0 h�p.pp�YY;90�@Yq�2>�ho��ќ�u҇�*��Qc>>Ԇ.v9.b���A/�tK4=JIA�}A�4�"BQF��
�T� * gscX"C@#'� [A�k� �bR�.<��Ҷ�B�I�czn<�)}T�Kh+\�% 93TYJjL=?Fu <"`*�ˑe*0pMSx6Qn۠o�ʑUx:IkB{<6G&,a�C�d�p{<7-4a ��[X& -�T����0�E8Y�f�s�p=7�c@E�ys{J�h`p=0#̴b֜`Ja�Ǽ����2iE3ӆ��MId|��B3<
Q8M�z�eR#O>0�8;r�dž�fX8oÕ�=5q
؇�é&9|Y;ew��X*MmE�c7�˅L4�kV:H(AX3�b-y2�0m
挦M31r@@S*SN�T$�3(Q2}�=�ӧ�L�E+)I�:3X-�h�OWm��ilٔo-V,J?Ս͋0z1(�ەa]k-�T8�?��Z�!Ce[�o,l0Ԣ(`|M(" !�ڴ��ksaͰ,C�/P<\bP'^%äkQSKpSw{�jab�E�3�UVjF&,-s9Z��a�UsV@���d@�7h�`� �DolVCbx5�Zz'�As,\O�T�\r�6(*'�l|P��;u��-
CO4,��vFV�fj:Y]����~�2.|N���,/0{��gб�3a|ea;m�eSKq6Om��V ҇���D-0ڠ�M�E�N6b^-!z0i\ԗKJAUc/`mLĽf��2�sM[R9cDzlĠlF� ]Q6-D.L{��
��jpj� Z��q�qf~~~0,L�y�.|�}u�V�N0\�?@��R*Ö13ghjmF�ǙXT&A�ł�4 V0̈́�Ouo4'8o'<|�CX�E�N�4b��6��>��\PX�t>� r��+b$[����T�:$f��߁äh�:,G$��=4nj}3ʫ�2�y����YZ�
J
ilheU-UjR
=6�2z�4Ebw�8pc}y��w~~6�Fi�Y8�һA�T}f6݁
/�r/�4�ܸN-â�,�hXodH]M;H̎@eƚR*%1��c�0]((*H3�sazt��=yh
dEM\L!'Ic$+p�DᘜQ[?߀��)Z
&`�}ٲI�Pё�I�eA:��ݐ�?�zwf��y�@L��t@X�qH�&�3�E�6(9���;@+%5-|
I�1�H��%�kSsGŕR����CȮ�c��f:,JV-ʚwZu�4�]pH1�)dzD4@+�q8bk
��tBk�ݸ�dV}P@MnΪ6��B=Gm@$�L|%4S([/'W'zh�R_幛667/=Ǐt�[̍<9y�n2E8ZA1JL;/E9Ȳ
(`��1Bnbۤq:&C216ݽZ
��o^�CU�IN:Ɲc}t7wֿLWE�}k`guɛ��(*�
Kq393"nL|� �jZ,t�γ>^#2!9�=�?�s/-Zi0�=z*%\.Y��i��-cx�89e}̭�7O7oUU�AS^F;:9&ߐ@ZO(��] �8spIE>��2N*,E$B�(NYc�H�hٌ*r/Bփ�`AQ�*/ "U!T�n܉���C+
ސOZDC^�$G|)�AT�DUPU(V
�$�}�V;*h�7xў6G+�++i-^2�ya�n.�9[��4w�ҨKV-,sKiʌg�_|�r]rf)ty��Ć5C/-iBsyr�`�0S?�4$N^�VpDMc?� )03?2TwQ#rlKV+Q~\#;�R�9!pUv:<�a�Sڎ6�N
#Z[?�i4rG�6�}�i�:�R_KվĂKӜ$�"^j�?N3$n
ʣn4�l5Q
V�`!旁�PH?(_�wa��H��H��T
�dDӻ:o~de�n/" m! D385�C*P�+b�K)"$Dٌ |�Zu���_f�+bt~?7~�+0waAdnkF+9mԓZ{~@H
y��?9/g��IBعQ�Pxe�&A.HWؾ�J=$S0�QJ"g�8�^�;n)>mZ|=`��Rr���
PR)&|z�&I;ɰG%uYjdJ1%SBt���0RH P6,O&y=%lQ1 i(KBi%�lbTHRoO�wռ�,7<1ޥ]ƙ�xzIuc!h�sdgKU
#
KQ�k��I<��)� -;|C?SB[LO>XkI)�jշɪ؉���\ʼn�l0 Z�p�a\CrWkb~�MȩZU$}ݝf0�أ0kd{V̴jt�2a�є�{`ֳ�s@Ӝ�)|s99xf"6TNlywy#K(U]s")5Xf�x>A�ΈvY��{X?�L7mb�iueO5i^~ꟁ�&m_ <� �H�t^���=2oۨ��.ʌ(="[7'zxyu?rBΛ�ٿuo�ue%s�7+�۽tNLT�z�yX
J}~l/It6�D�jy[a{wCWȪ̙S.{ۋ~g#S^q:-< ��&n_�%3�-OK�ni^�x u�g[�1rfo ��},Q>�]bw�PȤ�{_*f_,$R麏9����]Md--^RSne�u@O�K4�{][��Q{O��{쭑�iX�dbQQ�Wفg�o
1_O}�rm�Nj&�X�r?�4h�g�azc{ƹ�39��@�*y�x�\�[s5&pRx16�y��)1hTRo7�{hn;�d�⫆ܖ�~�@z'�ziX��W+*?'gc+ޙU>�=d3eNj��O8�)�t8/`y�CLbHFI�o{h/a`ˀܒm�]�7 Ϻ�p��dB}4,�\�ɐ� h$���Z`^��:i\Q�8lNbŐt!b�[�E^�60T|w~@d±sÃc�YPLGP8O,3��BvT;Mł5�7f
;PMb%ލ,xDdJH^<�k7xrY[ȟ7 F%i8Ձ1T-8U.m�Ɛ܍ׄ]ī:$+1��yT���f���N1�x��F}Y��LkOh KChE^+%�W+xAA?�nD7=%�q�k>R!�`O &@OxeZ�<ݮ�j܍IlѤ�x邟�F(@Q��&CC<+;S���R�Y96�X@f�*t�-~��,��Y0�c���>@9D�I�� @ ��q)j"r�=�f(Md?�-!Fvyc̫w�)o��,KJMRJo2HK{>i[0R�sk%wt�93a$��$x>��TG�[g݉Z*JRxuj]=�ؕ0ϕ�stj�ҍ�i֊$D�H� ��<)i�Bٶacc|�-�_@z��I0Y�~t-�$X��!a?3$C��",�s��eG�Dn]nW9IdTzu2J0ڒ\f�}XVLxe ھyR�,,9H�,�$�ȯ�%FC%w_踸-?bk-k4̦��!>kTo^��5UE�KJDӕ�a.DːxQ�IVmI�V�t:&8!�yH%�`y�1U%�rz*Q_g
�+e3eRq"�~3~3~3~3~yiR(/75,�#th�[ݗ.�RǠT1WK�5XQ9��"7ς�+}yp^E�wjfv$m$�^ޔRoj��A�| �P
{��֥9nTŚ_R�jil�g���g�"���Y@'�7B�_�ؒ0�-8�;[�)LUE:.]Q]!��<�^ n~e�r,ӟJZXm F^!5�`
$;:5�?^W&^�g�^�M׀%%�?�%�q8ZOؗn\S��rQ->Ev��G�@0<�41p_)팍���lI*&S-k
=N䀋�x�wKJx%�86Ћ�y�$I�L`,b6�be�i�8�m�*ċP{s{�k�)K'=CQ:/}l^�Fە:})۬-�,
&��Ah���ӏn�Ө3&Z6>��g�ܒ*J
�h&�V`ِ;|
yYW
*&wI##f|f|f|f|ZU+(_,$L/>cwH=o!�c`R�O,o}�U9$qqRR(N$,y�TΗ^h|N7
v^�=Ós/e�i[��D-ˉAޮg�ϫid$~i_J's*+l�iY�tT+k�%4�E 3�訩_Hnq~6ld�vdP�aШgY��m]=d��@%�J�g�v0j�;�Qbvdؿ56}~R�S
ҫtMucf<ܪïØ.HXA�
�,Us�w>6=��9+ˤ �Q{�Lq+QiH:V};9�b?�0)�0.$o,Sſ�զ��0aC[_`n3u»(yk�1q[.�G)�K@�u@kB_aR�M:'�;�;�"
�j��>�~Rt��(Uܯ�@M��e7{|'��FZY�͵#�O�Yx+MEW# iD7n�wq�H��Mt,va�u )ȁ.G`*Dz'^t��]D
ǹp`W!%�0-g��cW�F�=�%h�ٵC!,Q�(]Es��n(?�ñ:ɩ-[��FX)�zc"��Z�"�'"�KI�H�
]^<��?���X2q���n���/͛I~�o[+]�u.95�͂E�ou
tC��c95cS(5u=b;=G/5tIjbiA�Nc�2·�uuWpkLxl4�tlNz� yԥ:BM`E2�WBr�J�'jrB1�Rdu0UԈ'+�U�0y�j�DZ'a^V�1z0Մ\|�W\AO[jswDPeuȒ�єsE]T�zXj 0�4;�$Op�A;�Ь~6տ4,L�8�\Tn]w=jh�D0ФHd��[P)ÿ#rzwH1��.đժTjQ�ܣ@VT9)�9n/D{ǀ�d{=ב8ۭŸ�=/bZN{��
@#T>cr���}�K;TQ`m3_w���=g?�>��->ØW-V]M5վV(]L�m��;ڰ�aw�#� 796Yln�XIΜ0ڱ[w6-Rݽ<&HP�jߛca_ybu{Ω ʒ2?ag�lmےV�o5JK(ӘELLa��rۺm��6A�`z4 K%�?�K m+6aA�>kq&[Q{Z��s��A٩W1��JzN Aإq+�S�@D�fD�x�b*1bV�զɝ$7a�zgɟ:��o/np+P~ԪۣV7>2<'wW�W|�-]\-�@->N@ o&}^�z�C���&�Mo
Arj$�Wp�
?<}6�ڄY��iDž$�Y.���wGd&$1'��ߔi3`�zk+�ւ֊6 3F@[j$O��� �x
ΐ�P\'m3CsN.۷v߾e C�i|Q^H���:�mGL��B7�a.2
|�~��?� C�_좼"�
2Ûϝy�»v;WXj�Y�
�{�3sأ4ϓ/�~�;#�(ZU<� MN"�@�[� �
o����?B6D���SJTn$|�s�/W[�,af4:��3���z�q"O�0�}��)lr6��#�%~�:t^Q�1ex{�C�`�>sc��[7�;ΥIEZ|zL��]ƒ�$�BѽӜV�; ?2F~XS<�Rh̘TՊR
*uU��2,��-VR|<�>JxY,f+c�/
\jiB�R.
��?$-G쌆�(d��A%Ոɵ?�#'4?5ivn{'ם~{I[t>v.Wם>`&FoT埳s}mP0mw�%e9š�;ĉI�E�<�^;OK6U�Geqy�^�g�tx���Yühz�eo��Llg?Nz�uӲ�r�:OOgg:>/1]r��RO-:
�nzf�h9�c�}*�5=0�8���)n}>e;�Uj^*Q^m�9g�?g�d_C&Pj3#�t�H?駀�|h�Hٜ~5:;\Hu2ڇeF:{ϽOis9?π�]"c|.����Y����\d��ϋ��ȠOˌ_~�g~�HGF�_d^f%e�\]f_�h�O7CtAt3�U�}\A@?�Ӄ2߃2�g__7@_7��?fC>f#c�n!6+�6~oیon3/9IR<��>k^�8#k�gK�"|�)+�P�5Hϐge�3�Vڍn�a�{r!gFˀ^��
KJ+ƥW�*WYKxM}%k{F16�dtb�t�5Ru(X2mM*�!#(���V>&c����ˬ$=)>7�懤J��x]B&JػR˯,lcENj%&~QgΒ'W0'f[�!3hO}oAD2�KA1_u��ͣ,N5;H_5�Јw�3+��{� �ݯ�pmঠϛH^-Ak/�: 7.p[Z;�ţ;TtmfPcv�dm�oCd�y\$ω�ٟ�;�Pe��˦U憛�ÎtP=_�q-�#2O,�5U,%O,B;P&G0ѫIryKdg}�X5R,J{aw�9�. ]C?yI%
���/Ãca]m�8qA�lgK0Ա�p7�'-KX�v7noNw�^&F\c]b��\oTùLH#�D֢c4!�'�`BdtN[a��~$Xl)۹��Xԝ:6jd��9\�*>oa�v�
E ^{�#�E3$05%��*u�:\U�m$9��A�Sh4�/U��;�gKbDZZ1=v��ļ�KBt�n �M=SY,�~ N_D�z��~%�B+/-sD���>�:!31Q9֒�_�Ogwc;MZK9[۲"/�H&�]�a��)+KpK+y�HhR͠#��9"ű
mPm��,%��7]�
%�\6HDR��}J�0N:]�V0N9DeP�^�v��wa�3)���GNJph)hF�<}Wm?[�u+�Ŀ?a` \��}wH�V�Lt>;Oulם8G3
d�d⁜0њ7ZԘP�G��u`'#�~"��V[��œC6�p8_@&s �Vݐ=ʷQ$�T{��i�ZQ�ڃteRb0��yNvCF}�_�2"�L�-L� �Ԣ?3g�)+]%,1AƂ?�qL7V9'Va|0��r,#�X^ҵ<�ok5 �+ot-(�9x0{n�·O�ik[(|
�_a[P~Y��3JbA,\i�n2;6Ŗ�i#O|��@ =H oFة5`y�+@0�4{W��0Sgn)ZF�$c<�:ԭ8=�P0��h߀~"S&v^i�܌�1G\��Q�pSdؕE�l��d3k{gyc{D]Y>�;Ќ
�O1)ngFb��:2}a1 e�[yүy~k�C#>
ksx:X:}#3!?L�j#mg^kte�(nran���O�xH>%7Fr��yʱт���ˉ.X)��Z.�';]2*gN-F���75w�SF�\��c1�}t1�yLX�B��L6�9�2lt*��X"��x~ea�# Vt*N�`wX{y�\(O}y9t]*G��Vώ�/0?!2D"V�xvYpMI{�CK��7-)h!/-(j�"ON`��!Xfչ̈�Cɕ/2F#x�o*A�P~oQWVI8Fv�1�EOZ�\֒R�v�g۲N�*d%r�R�⚫W3EiQ}&'�Cfcnm߄;6�6BJFslx�6�1���E|(��
|
Network Security & Hardware 
