Shark Bait

Knowledge Centers

Operating Systems

Networking & Internet

Mobile & Wireless

Security

Storage

Business Intelligence

Servers & Data Center

Computerworld Reports

Industry

See your link here

IT Blogwatch

A Daily Digest of IT Blogs from Richi Jennings

MS zero-day Word exploit (and Moscow poli-tecture)

12 comments

Monday again? At least you have IT Blogwatch, in which Microsoft warns about a new zero-day Word vulnerability. Not to mention what might have been in Moscow...

Uh-oh. All aboard the vulnerability train, reports Paul Roberts: "Antivirus companies and the SANS Internet Storm Center (ISC) issued a warning today about sophisticated e-mail attacks that are using a previously unknown hole in Microsoft Word to infiltrate corporate networks ... The warning came as monitors at the ISC detailed "limited targeted attacks," originating from China and Taiwan, against an unnamed company. The attacks used Word attachments to install Trojan horse programs on corporate networks ... being used to distribute a Trojan horse called Oscor-B [or] W32/Ginwui.A ... The attacks [are part of] a series of sophisticated, very targeted attacks against large European corporations in recent months. All have used Word file attachments to install malicious programs on corporate networks. The attacks, sometimes referred to as "spear phishing" attacks, use e-mail messages that appear to come from within a company, with spoofed sender addresses and even faked corporate letterhead information. The messages are sent to employees within the company, who are tricked into opening an attachment they believe is from a colleague ... Until signatures are developed for the latest Word exploit, gateway and desktop antivirus software will not be able to detect it ... Attacks that target applications are becoming more common."

» Koon Tan writes in the ISC's Handler's Diary: "Most anti-virus vendors have already come out with signatures to detect the malware exploiting MS Word vulnerability ... At your firewall and IDS, you may want to monitor outbound traffic going to these domains, as this may be an indication of compromised hosts: 3322.org scfzf.xicp.net. If you are filtering Word attachment at your gateway, it should be based on Word file type and not just on file extension ... US CERT has released an security alert on Microsoft Word Vulnerability."

» Swa Frantzen adds: "Detection is mostly the very hard part in these attacks. This case seems to have been detected by a very alert user detecting a domainname in an email that wasn't completely right. That user detected an email coming in that originated from a domain that looked like their own, but wasn't their own (actually only had an MX record in it). The email was written to look like an internal email, including signature. It was addressed by name to the intended victim and not detected by the anti-virus software ... This kind of attack is new, and so must the response be. The group originating these attacks does so in a very targeted fashion. The document is crafted to target a specific organization, containing specific elements that deal with just that one organization. If you don't work for them, you are very unlikely to ever see this. Proof of how rare it is, are the number of requests for samples we got from companies like anti-virus vendors."

» David Hunter: "The net is that any Word 2003 document you receive from external sources should be viewed with suspicion until Microsoft provides a fix."

» Stephen Toulouse writes from MS's SRC: "We’re hard at work on an update ... So far, this is a *very* limited attack, and most of our antivirus partners are rating this as 'low'. But we’re working to investigate any variants we might see to make sure detection is out there, as well as working on the update to address the vulnerability."

» Winston: "A patch is being developed by Microsoft and is expected to be released on June 13th, the next scheduled patch Tuesday."

» Scott Waters calls for a quicker fix: "Don’t you feel better that Microsoft will fix this in a few weeks? There’s no mention that this particular nasty won’t effect Macs at all. But it’s still a good idea not to ever use MS Word, just to be safe and prevent any accidental loss of rational faculties that may be caused by bad software."

Buffer overflow:

Around the Net

Around Computerworld

And finally... What might have been in Moscow -- if they hadn't had second thoughts

Richi Jennings is an independent technology and marketing consultant, specializing in email, blogging, Linux, and computer security. A 20 year, cross-functional IT veteran, he is also an analyst at Ferris Research. Contact Richi at blogwatch@richi.co.uk. Also contributing to today's post: Judi Dey, our very own Antipodean.

Email this

Digg this

What People Are Saying

Add new comment

And the rest think thay have

Submitted by recruiter on November 9, 2006 - 12:44 P.M.

And the rest think thay have more robust applications than Microsoft. The reason why IE MS Word etc are known to be vulnarble to hackers is because everybody is using them

Report this comment

Microsoft should pay more

Submitted by Zouderas on May 23, 2006 - 9:40 A.M.

Microsoft should pay more attention as far as security issues are concerned with their products and not leaving holes here and there!

Report this comment

Enterprise will never

Submitted by Chris on May 22, 2006 - 10:59 P.M.

Enterprise will never actually abandon word, we'll just have to live with it.

Chris @ http://crm-filter.com a crm software blog.

Report this comment

You'd think the world was

Submitted by Anonymous on May 22, 2006 - 7:13 P.M.

You'd think the world was ending. How about a *simple* solution - like associating Word documents with the free MS Word reader? If you want to simply read something, it will always open in the reader program (which can't run macros). If you want to edit a doc (who would be editing a doc sent to them via email, before reading it?) you right click, and choose "open with". This isn't rocket science folks...

Report this comment

well, ms says they are

Submitted by fadestyle on May 22, 2006 - 3:52 P.M.

well, ms says they are improving things. hmmm... this is only my assessment. the only thing ms is working on is torturing the legit buyer into activating and re-activating over and over again after every install and hardware upgrade and seems that security is the last thing on their greedy little minds. they are seriously going to activate there self right out of the pc homes. it is only the legit buyers, not the hackers and piraters that must re-activate. matter of fact if you hack your winxp, there is no need to activate. as soon as there becomes support for the programs and needs in other operating systems, i will be moving on and i think most people i have asked that same question will follow that trend. learn from apple, no activation.
-fadestyle

shamless plug: click on homepage for really cheap cd/dvd media

Report this comment

We hard at work developing

Submitted by Anonymous on May 22, 2006 - 3:23 P.M.

We hard at work developing solutions to address this issue.
---
The Umbrella Corporation

Report this comment

Macs are not immune to

Submitted by Anonymous on May 22, 2006 - 3:07 P.M.

Macs are not immune to viruses. If you'd been paying attention the past few weeks/months you'd know that. If not, check Secunia.

If you had your wish and everyone used Macs, that's where you'd see the majority of viruses. Of course a whole lot less work would get done but that's another story...

The only protection against these attacks, regardless of platform or software used, is vigilance. Get used to dealing with this stuff because it isn't going away in your lifetime.

Report this comment

i is as stupids as you

Submitted by Anonymous on May 22, 2006 - 1:11 P.M.

i is as stupids as you people!!1

haha trojan = condom = sex = pc users get fd and mac users are virgins

Report this comment

get a linux

Submitted by Anonymous on May 22, 2006 - 12:46 P.M.

get a linux

Report this comment

Hilarious and Kley.. How old

Submitted by Anonymous on May 22, 2006 - 12:36 P.M.

Hilarious and Kley..

How old are you kids?

Report this comment

Today's Top Stories

Microsoft confirms IE6, IE7 zero-day bug

iPhone worm steals online bank codes, builds botnet

Update: HP reports solid Q4 on services growth

PC market crash averted, says Gartner

Jolicloud eyes Chrome OS's thunder

Is federal stimulus money being used for IT hardware, not hiring?

Hot Posts

Chrome's mission: Making Windows obsolete

Posted by Steven J. Vaughan-Nichols | 112 comments

Apple voids Applecare warranty for smokers!

Posted by IT Blogwatch | 16 comments

Google Phone is actually a VoIP phone?

Posted by Seth Weintraub | 7 comments

White Papers & Webcasts

Data Manager Report Excerpt: File System Inventory
Cut storage costs and boost operational efficiencies.

Key Strategies for Managing Data Growth
What are you storage challenges?

Reducing Storage Costs with F5 ARX
Save money- deploy ARX Solutions.

Extending Client Refresh - 11 Steps to Maximize Savings
Register Now!

Southern Company
Download Now

Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!

All White Papers | All Webcasts

Computerworld Reports

8 Questions To Ask About Your Intrusion-Security Solution

Computerworld Technology Briefings IT Service Management

Computerworld Briefing - Analytics: The Art and Science of Better

All Computerworld Reports

Receive the latest technology news and information.

	Computerworld Daily News (First Look and Wrap-Up)
	Computerworld Blogs Newsletter
	The Weekly Top 10

View all newsletters

* E-mail Address:

* Industry:

* Job Title:

* Company Size:

* Country:

* State:

I would like to receive offers via e-mail from Computerworld partners.

IT Blogwatch's Archive

IT Topics

Sponsored Links

Play NetApp's New Data Defense Game.

Return on Information: Google Enterprise Search pays you back. Get the facts.

How Do You Rank as an Innovation Leader? Download Recent Study.

See how AT&T can help protect your network.

3 Innovations. 3 Free Downloads. Free trials of Windows 7, Windows Server 2008 R2 and Exchange Server 2010.

Citrix NetScaler with nCore Outperforms F5 BIG-IP - Learn More

64-page prescriptive guide to security, compliance, and IT operations.

Streamline IT Costs. Boost Performance with WAN Optimization

Enterprise Network & Server Monitoring Software. Cross over to Traverse...

Increase UPS efficiency without sacrificing protection

Crystal Reports Server: Single server access to reports & dashboards

Create new opportunities. See business making progress now

ESET NOD32 with ThreatSense(R) - Get your free trial now!

Looking to add Unix/Linux functionality to Windows?

Join the conversation about the hottest IT trends with Computerworld on Twitter.

ITwhitepapers.com - Access thousands of white papers on 300+ technical topics.

Leverage Your Cisco infrastructure for Superior Application Performance

Learn about the AMD Virtual Experience

Introducing: Project Icebreaker

Stay informed with custom newsletters from Tech Dispenser

New DW Options and Price Points. View Teradata Platform Family Data Sheet.

To get a better view of your entire data center, you need a better vantage point. Improve your vision with Hitachi IT Operations Analyzer - Free 30 day trial

Play NetApp's New Data Defense Game.

Take the Netezza TwinFin TestDrive!

NetScaler VPX : Harness the Power of Virtualized Web App Delivery

Get more enterprise mobility value for up to 25% less.

Unified Communications: Thoughts, Strategies and Predictions. Join the discussion.

NYUs M.S. in Management and Systems. Offered Online and On-site.

Crystal Reports Server: More options. Not more money.

Parallelism is not just for HPC. Create rich apps from desktop to device. Get the eval.

Tolly Performance Report "Citrix NetScaler with nCore Outperforms F5 BIG-IP"

Save up to 61% plus Free Cheesecake

Find IT jobs in the Healthcare industry on Dice.com

With the NEW KODAK i700 Series Scanners get full speed at 300dpi!

Not All QSAs Are Created Equal: What You Should Know Before You Buy

The arrival of Serial Attached SCSI (SAS) marks a new era in storage scalability

The AMD Virtual Experience Virtual Trade Show

About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map

CIO

Computerworld

CSO

DEMO

GamePro

Games.net

IDC

IDG

IDG Connect

IDG Knowledge Hub

IDG TechNetwork

IDG Ventures

IDG.net

InfoWorld

ITwhitepapers

ITworld

JavaWorld

LinuxWorld

Macworld

Network World

PC World

The Industry Standard

Copyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of
Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.

MS zero-day Word exploit (and Moscow poli-tecture)

What People Are Saying

And the rest think thay have

Microsoft should pay more

Enterprise will never

You'd think the world was

well, ms says they are

We hard at work developing

Macs are not immune to

i is as stupids as you

get a linux

Hilarious and Kley.. How old

Today's Top Stories

Hot Posts

Recent Comments

White Papers & Webcasts

Computerworld Reports

Newsletters

IT Blogwatch's Archive

IT Topics

Sponsored Links