Rootkit spreading via new MS Word exploit

Hi all,

watch out for MS Word docs in your inbox. Someone has found a new exploit in MS Word and is using it to spread malware that uses a rootkit to hide its files.

http://www.eweek.com/article2/0,1895,1965042,00.asp

regards
Zoned

 

To be honest, it is sad that a textfile like Word .doc files
can contain malware that can harm your computer.


I think it is very clever to design a textfile format that
can do this, no other company in the world has ever done this before!

In 35 years of making texteditors all over the world (hundreds of thousands versions), this was never done before!

So we ICT security specialists, don't have to worry, that we get out of work.
Now we have to wait, for someone that can exploit Wordpad or notepad.



So don't use the free version of OpenOffice!
or use the very cheap Ability office, or very cheap Star-Office or very cheap Ashampoo's etc.
Although you can do anything you have to with this software, and is compatible with all the other ones.
Don't use it. It is to fast , to stable, and get's us out of business.

So use the one that costs just as much as a new pc

(of course this is a joke)

 

Zero-day Word flaw used in attack
http://news.com.com/Zero-day Word flaw used in attack/2100-1002_3-6074403.html?tag=nefd.top
Microsoft is readying a security update for Word that repairs this vulnerability, a company representative said in an e-mailed statement. The fix is scheduled to be released as part of the June 13 security updates, or sooner, if warranted, the representative said.

The malicious software arrives as a Microsoft Word file attachment to an e-mail message. When the document is opened by the user, the vulnerability is triggered.

-- Tom

 

Strictly speaking, Word.doc files are formatted text which can execute code (remember the macro virus), whereas notepad.txt files are text-only files.

When I set up a system for someone, I install MSWordViewer. This free program lets people view .doc files, and will not execute code.

Then I configure the MIME types in the email program to pass .doc files to MSWordViewer instead of to MSWord. This is especially useful for those who receive .doc files via email as part of their work, as I have for years in my teaching, so as to receive/read students' Word.doc files without danger.

IMO, MSWordViewer should be a part of one's security aparatus.

http://www.microsoft.com/downloads/...87-8732-48D5-8689-AB826E7B8FDF&displaylang=en


________________________________________________________________
"Talking About Security Can Lead To Anxiety, Panic, And Dread...
Or Cool Assessments, Common Sense And Practical Planning..."

--Bruce Schneier​

 

As one slashdot commentator noted:

 

That is an easy one for me to avoid, it's spam.

 

Hello,
Solution - use Open Office.
Mrk

 

I wonder if the office file viewer is vulnerable too

 

Thanks for all these info. I wish computing would be easy and simple in future.

 

What happens if you click on a word doc link directly from the web browser?

Will that work too?

 

I'd think it would be as it embeds word into IE doesn't it ?

 

You can configure the browser to pass .doc to MSWordViewer. The Viewer does not run code.

 

NOT IF you are protected by a good HIPS program that intercepts whatever call that little lame exploit might try to spring on you.

People need to turn to HIPS and really get off the pot with depending on obsolete softs that always allows most anything "NEW" to slip past these AV's and other products since they are useless and helpless to control the REAL control systems of Windows anyway.

 

I run MS Office in non admin mode and a good HIPS should be able to stop a driver from loading. But since I do not have a copy of the exploit, I do not know if the exploit can perhaps bypass these restrictions.

 

So which HIP programs actually stop this?