Computer Crime Research Center

people/Billi.jpg

Microsoft's regular flaw

Date: May 21, 2006
Source: Beta News
By: Nate Mook

Security researchers have discovered a zero-day vulnerability in Microsoft Word, which is already being actively exploited by hackers in China and Taiwan. Microsoft's Security Response Center says it is working with antivirus vendors to prevent attacks and plans to release a security patch on June 13.

The exploit is spread as a Word document attached to an e-mail. Users who open the attachment with Word XP and Word 2003 are then infected with a trojan that contains rootkit-like features in order to hide itself from antivirus scanners.

The trojan communicates back to a server, but it's not yet clear what data is transferred. "When the exploit is launched, early on in the process, it drops a bot, possibly Rbot or some variant," said SANS Internet Storm Center researcher Chris Carboni in a diary entry.
Original article



Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo