ARN

New Word attacks pose as news about Tibet

It's the usual drill, say security vendors, so be careful out there

New attacks using rigged Microsoft Word documents have been launched, a security company said Tuesday as it warned users to be leery of mail touting news about Tibet.

Phony e-mails purporting to contain news about Tibet and its government in exile are making the rounds, according to Trend Micro Inc., which explained that the messages carry attachments that are malformed Word documents designed to exploit a vulnerability in parsing the popular word processing system's file format.

When opened, the malicious documents deposit a Trojan horse on the victim's Windows PC, said Trend Micro in a post to its security blog.

Trend Micro said the names on the fake Word documents include the following:

  • CHINA';S [sic] OLYMPIC TORCH OUT OF TIBET 1.doc
  • 2007-07 DRAFT Tibetan MP London schedule.doc
  • DIRECTORY OF TIBET SUPPORT GROUPS IN INDIA.doc
  • Disapppeared [sic] in Tibet.doc
Another security firm, Symantec, confirmed the new attacks but said that it has received only "a small number" of submissions from customers regarding the exploit.

"This social engineering technique has been seen before," said Trend Micro researcher Jake Soriano on the TrendLabs Malware blog. "In October, a Trojan rode on the newsworthiness of the monk-led protests in Myanmar ... arriving as an attachment to spam [that] purported to be a message of support from the Dalai Lama to the monks."

Symantec repeated the long-standing advice that users consider banning Office documents that originate from unknown senders and exercise caution in dealing with unsolicited e-mails, particularly those with attachments.

Microsoft has patched Word several times in the past two years -- most recently in May 2007, when it holes in the way the application handles documents. The company has also been promoting its newest suites, Office 2007 for Windows and Office 2008 for Mac, as being more secure on the file format front than their predecessors, and it has locked down Office 2003 by limiting the number of formats users can open.

State of the IT Channel 2012: Register your view and win a Toshiba tablet!

Come socialise with us! Facebook | LinkedIn

More about: Microsoft, Symantec, Trend Micro
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the ARN comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Whitepapers
Latest Stories
Community Comments
ARN Directory | Distributors relevant to this article
Anyware Computer Accessories , Aquion , ASI Solutions , Bluechip Infotech , Compucon Computers , Dicker Data , Express Data , Express Online , Impact Systems Technology , Ingram Micro Australia , Leader Computers , Leading Pacific Australia , Lynx Technologies , NewLease , Simms International (For Simms International please see Express Online) , Synnex Australia , Topstar Computer International , Westan , XiT Distribution , Xpress I.T.
ARN Directory | Vendors relevant to this article
Symantec
rhs_login_lockGet exclusive access to ARN's news, research and invitation only events.
ARN Distributor Directory
Find distributors by name | vendor | location
Channel Deals
/deals/aca-pacific/398_abbyy-finereader-11-intelligent-ocr-software-f
ACA Pacific

ABBYY FineReader 11 - Intelligent OCR software for document conversion.

More details »
ARN Vendor Directory
Find vendors by name | category

iAsset is a channel management ecosystem that automates all major aspects of the entire sales,marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.