General
|
Written by Daniel
|
Monday, 21 August 2006 10:04 |
Dark Reading Windows Flaw, Word Trojan Found
JUNE 30, 2006 | Microsoft is investigating a new flaw in the Windows operating system, while researchers have discovered a new Trojan that poses as a legitimate Word document.
Microsoft acknowledged the possible Windows vulnerability in its Security Response Center Blog last night, but didn't provide details about the hole, which it says it learned about via proof-of-concept code posted on the Web. An attacker could exploit the Windows hole using Internet Explorer; the user would activate the malware by clicking on an infected link.
The hole hasn't been exploited yet, Microsoft says. "We are not aware of any attacks attempting to use the reported vulnerabilities or of customer impact at this time," says a Microsoft spokesperson. But the spokesperson says the flaw may require a security advisory or a security update in one of its Patch Tuesday releases.
Separately, Sophos reported the discovery of a new Word Trojan, called Kukudro-A. The Trojan isn't exploiting any holes in Word, explains Gregg Mastoras, security analyst for Sophos. The exploit is a combination of a spam email posing as an Apple, HP, and Sony laptop sales pitch, and a malware executable. When you open the infected files, called prices.zip, apple_prices.zip, or sony_prices.zip, they launch my_Notebook.doc, the infected Word file with the "pricing" information. Once a user opens the file, the Trojan silently slips into his computer, and the user is none the wiser, Mastoras says.....
Discussion
|