Can a Word document contain malware?

Discussion in 'malware problems & news' started by tommyp, Aug 26, 2010.

Thread Status:
Not open for further replies.
  1. tommyp

    tommyp Registered Member

    Joined:
    Aug 25, 2010
    Posts:
    6
    If so, how do I check and how can I prevent it?

    Regards
     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Yes, an MSWord document, or other MSOffice documents, can contain malware. Here is an example:

    http://www.urs2.net/rsj/computing/tests/rtf

    As far as checking: all one could do would be to scan the document and hope that it had already been flagged by the scanner.

    Other preventative measures:

    • Avoid opening unsolicited documents

    • Have protection in place to prevent malware executables from running, in a worst-case scenario.


    ----
    rich
     
  3. tommyp

    tommyp Registered Member

    Joined:
    Aug 25, 2010
    Posts:
    6
    Hi

    That link does not seem to work on my PC. Can you say what it is about?

    Thanks
     
  4. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Those fake UPS emails contain an exe that has a Word document icon to try and trick people into opening it for a look, then they get hit with a rogue AV.

    Haven't seen one in a while though?
     
  5. Malcontent

    Malcontent Registered Member

    Joined:
    Dec 30, 2005
    Posts:
    451
    Location:
    Cleveland, Ohio USA
  6. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Rmus's link works fine for me, so ?

    It's not just Word .docs either. PDFs etc. too.

    Get AntiExecutable software as Rmus alluded to.

    If you do a search on here for it, you should find quite a few, including free ones.

    Both Rmus and I use one, not the same but both are very good :)
     
  7. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Since 'Melissa' was a macro virus, technically it was not a worm, since it was not a stand-alone program.

    By the OP's post, using the word "contained," I assumed a stand-alone program (executable) embedded inside the document.

    Macro viruses aren't seen these days, since they are so easy to protect against. Most AVs flag them immediately, and the Office programs allow for macros to be configured to run manually, rather than automatically.

    Note that the DLL hijack vulnerability is using PowerPoint, and possibly can be used in other Office programs. In this exploit, the Office file doesn't contain the malware; rather, it just triggers the loading of another stand-alone executable.

    While seemingly picky points, understanding how the exploit works reveals how proactive security strategies can prevent the exploit from succeeding.

    ----
    rich
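
Added example, not part of the original thread or any poster's code: a small Python triage check for the two cases the replies distinguish, a macro project versus a stand-alone executable embedded in the document, covering RTF, legacy OLE2 and ZIP-based Office files. The function name, finding labels and sample are assumptions made for illustration; the checks are byte-level heuristics that supplement a scanner, and obfuscated RTF needs a real parser.

```python
import io
import re
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")         # legacy .doc/.xls/.ppt container
DOS_STUB = b"This program cannot be run in DOS mode"  # text found in most Windows EXEs
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")       # stream name inside a VBA storage
RTF_OBJDATA = re.compile(rb"\\objdata\b([0-9a-fA-F\s]+)")

def has_exe(blob: bytes) -> bool:
    """Heuristic: an MZ header together with the usual DOS stub message."""
    return b"MZ" in blob and DOS_STUB in blob

def triage_document(data: bytes) -> tuple[str, list[str]]:
    """Return (container type, findings); names and labels are hypothetical."""
    findings = []
    if data.startswith(b"{\\rtf"):
        kind = "rtf"
        # RTF carries embedded OLE objects as hex text after \objdata.
        for m in RTF_OBJDATA.finditer(data):
            digits = re.sub(rb"\s+", b"", m.group(1)).decode("ascii")
            findings.append("embedded OLE object")
            if has_exe(bytes.fromhex(digits[: len(digits) // 2 * 2])):
                findings.append("embedded Windows executable")
    elif data.startswith(OLE_MAGIC):
        kind = "ole2"
        if VBA_STREAM in data:
            findings.append("VBA macro project")
        if has_exe(data):
            findings.append("embedded Windows executable")
    elif zipfile.is_zipfile(io.BytesIO(data)):
        kind = "ooxml"  # ZIP-based .docx/.docm and friends
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            for name in z.namelist():
                if name.lower().endswith("vbaproject.bin"):
                    findings.append("VBA macro project")
                elif "/embeddings/" in name.lower():
                    findings.append("embedded OLE object")
                    if has_exe(z.read(name)):
                        findings.append("embedded Windows executable")
    else:
        kind = "unknown"
    return kind, findings

# Constructed sample: an RTF wrapper around a fake (non-functional) EXE header.
SAMPLE_RTF = b"{\\rtf1{\\object\\objemb{\\*\\objdata " + (b"MZ" + DOS_STUB).hex().encode() + b"}}}"

if __name__ == "__main__":
    print(triage_document(SAMPLE_RTF))
```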
     