Top News - Bkav Corporation

Do your best, the rest will come !

Rigged Word docs exploit 2008 bug, say researchers

03:31:00 | 12-04-2012

Computerworld - Chinese hackers hijacking PCs not patched with December fix

Attackers, probably based in China, are exploiting a December bug in Microsoft Word to hijack Windows PCs, Vietnamese security researchers warned today.

According to Nguyen Minh Duc, manager of Hanoi-based Bach Khoa Internetwork Security's (Bkis) application security department, rigged Word documents have begun to circulate as e-mail attachments. The malformed .doc files exploit one of the eight Word flaws fixed by Microsoft in December 2008 as part of the company's biggest patch batch in five years.

The holes in Word 2000, 2003 and 2007 for Windows, and Word 2004 and 2008 for the Mac, were plugged by the MS08-072 update.

When a malicious Word document is opened, the attack code executes successfully on machines with an unpatched copy of Word 2003. "If other Word versions are used in the computer, they are only crashed without any malicious code execution," Nguyen said in an e-mail. The malware drops a Trojan keylogger on the compromised computer to steal information, such as usernames and passwords.

BKIS suspected Chinese hackers are behind the exploit. "It is connected to a server with the domain name '8800.org' registered in China to receive commands," Nguyen said. "In the malicious e-mail, we also found charset="gb2312, [which] is Chinese charset."

Attacks exploiting vulnerabilities in Microsoft's Office applications are common. In February, Microsoft's security team acknowledged hackers were targeting an unpatched bug in Excel, and then earlier this month issued a similar warning about PowerPoint, the suite's presentation maker.

Microsoft patched the Excel bug last week as part of its regularly scheduled monthly security update.

Support for Word 2003, the version Bkis said is vulnerable to the new attack, shifted into what's called "extended" mode last week. Microsoft will continue to provide security updates for the application until April 8, 2014, but will no longer offer free nonsecurity fixes.

By Gregg Keizer - Computerworld

*Note: Bkis is the former trademark of Bkav. Since January 1^st, 2010, Bkav has been consistently used as the official trademark globally.

Others

The DEEP#GOSU virus campaign takes advantage of Google Docs and Dropbox to attack Windows users

LockBit ransomware virus attacks Windows Domain servers in Vietnam

5 million websites are at risk because of vulnerabilities in WordPress' LiteSpeed

Warning: using AI to create fake images and voices to scam money

Bug in Microsoft Outlook allows hackers to steal information and take control of devices

OPSWAT and Bkav signed a strategic partnership

Summary of cybersecurity in 2023 and forecast for 2024

Warning: Many Elknot virus variants appear targeting Vietnamese Linux servers

Bkav launches Bkav Pro 2024 with the orientation of expanding the global market

Applications impersonating government agencies to spread viruses on Android are highly active in Vietnam