Hackers Use New Zero-Day Word Exploit In Targeted Attack - InformationWeek
Software // Enterprise Applications
12:58 PM

Hackers Use New Zero-Day Word Exploit In Targeted Attack

Hackers used the vulnerability, which was confirmed Wednesday, to launch an attack against two employees at the same company earlier this month.

Hackers have already used a new zero-day flaw in Microsoft Word to launch targeted attacks against a specific company.

The vulnerability, which is a buffer overflow problem, affects Office 2000 and Office XP, according to Dave Marcus, a security research manager for McAfee Avert Labs. McAfee received a copy of the exploit from one of its antivirus users, says Marcus. It sent it to Microsoft on Feb. 9, and Microsoft confirmed on Wednesday that it is a new zero-day vulnerability.

This makes about half a dozen zero-day vulnerabilities to plague Microsoft Word since the beginning of January, notes Marcus.

Hackers used the then-unknown vulnerability to launch an attack against two employees at the same company earlier this month. "It was used in an extremely targeted attack," says Marcus, who wouldn't name the company, the industry it's in, or the type of work the employees do. "The attack was based on the role of the people being targeted. It was that targeted, that surgical."

Marcus adds that the attack, which wasn't successful, was aimed at stealing both personal and corporate information. "This is the Holy Grail of exploits," he says.

In the advisory that Microsoft posted online Wednesday night, analysts explain that a user has to open a malicious Office file attachment, such as a Word document, in an e-mail. If the file is opened, a Trojan or bot is downloaded onto the victim's computer, leaving it open for remote access, according to Marcus. The infected machine then could be used as a zombie, or part of a botnet, to send out spam or launch denial-of-service attacks.

The vulnerability was discovered recently, and it wasn't fixed in Microsoft's Patch Tuesday release, which included 12 patches and covered 20 vulnerabilities. In its advisory, Microsoft stated that it's working on a patch for the vulnerability.

Marcus says McAfee analysts haven't seen the exploit for this vulnerability circulating in the wild.

"It comes down to the fact that this is, essentially, how the bad guys try to steal data," he says. "They take the application and continually pound it to try to find vulnerabilities, and then they work on exploiting it. It's another zero-day, and we'll have plenty more of them later this year. The bad guys have gotten very effective at analyzing the code, and they keep doing it."

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
[Interop ITX 2017] State Of DevOps Report
[Interop ITX 2017] State Of DevOps Report
The DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll