Saturday, May 20, 2006
Open a Word document, lose control of your computer
The Basics
Bad guys have discovered a security flaw in Microsoft Word 2003 that nobody else knew about. They are sending out Word documents which, when you open them, install remote control software that allows the bad guys to do all sorts of things. So far no antivirus software knows what to look for to detect this one, and it hides itself once it's in place. Because this is so new, you can install all existing security patches and still be at risk.
The Bad
There are no technical measures you can take to protect yourself, except maybe set up your firewall to block outgoing traffic to localhost.3322.org. That's where the remote control software "phones home" to.
Nontechnical measures are also difficult. Booby-trapped Word documents are hitting people's inboxes attached to mail apparently from people they know, even with appropriate signatures.
It looks like a corporate espionage tool, which makes it more damaging than the everyday malware which "only" steals control of your computer.
The Good
The attack crashes Word 2000 but doesn't take over your computer. All you people who didn't want to upgrade are (everyone thinks) safe from this one.
This attack does not seem to be spreading all over. It looks like targeted espionage so far. If that's right, and if you're not a target (I don't expect small business and home users to be targets), then you're unlikely to be attacked.
The known features of the remote control software don't include sending email. If that gets confirmed it means that this won't embarrass you by turning your computer into a spambot.
What to do
The old advice "Don't open unexpected attachments" works for this threat. That includes unexpected attachments from people you know, attached to plausible-looking email. That's what all the security people will tell you, at least the ones who never got email from their boss ordering them to look at an attached Word document.
UPDATE 5/21:
Similar things have been going on stealthily, targeting government offices around the world. According to anti-virus firm F-Secure, there have been targeted Word attacks since 2005.
UPDATE 5/25:
I suspect this isn't worth the hassle unless we begin seeing widespread attacks, but Microsoft has published detailed instructions for a workaround.