Symantec researchers said they were tipped off when they realized the malware document wasn't in OLE format.
When Tuesday is patch day, Microsoft's monthly vulnerability fixing ritual, Wednesday almost certainly becomes exploit day.
So it was yesterday, when Symantec security researchers reviewed a Microsoft Word document that caused the application to crash when opened. That's because the Word file contained exploit code and other malware.
What's different about this particular exploit is that it was made on a Macintosh computer.
"We tried using various combinations of Word versions, patches, and languages, and in each case (with the exception of Office 2007), opening the document would cause Word to crash," said Orla Cox, a Symantec Security Response engineer, in a blog post. "After taking a closer look, we could see that the document contained shell code and three other pieces of malware. What was interesting about the document was that it wasn't in OLE format, meaning that it wasn't a standard Microsoft Office document. After some investigation we determined that the document had actually been created using Word for Macintosh."
Microsoft Security Bulletin MS07-060, issued on Tuesday, identifies a Word memory corruption vulnerability in Microsoft Office 2000 Service Pack 3, Microsoft Office XP Service Pack 3, and Microsoft Office 2004 for Mac that could allow code to be executed by a remote attacker.
"It seems that the trend for exploiting vulnerabilities around the same time as Patch Tuesday continues," said Cox, noting that Microsoft itself had confirmed the existence of this exploit in the wild.
Ben Greenbaum, senior researcher at Symantec Security Response, said the fact that the exploit was created on a Mac wasn't really relevant and didn't demonstrate any inherent weakness in the Mac platform with regard to security. In fact, he said that using a Mac version of Microsoft Word served to limit the effectiveness of the exploit because "many installations in the field won't open the file."
As Cox explained, "The good news is that the default configuration in Microsoft Office 2007 and Office 2003, Service Pack 3, will not allow you to open some older Office file formats, including Office for Macintosh documents."
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.