Another zero-day vulnerability in Microsoft Word has been identified, MessageLabs reported on Tuesday.
The new, unannounced vulnerability was exploited in an e-mail attack aimed at a few large corporations, Alex Shipp, an engineer withMessageLabs, told TechNewsWorld.
Targeting Industrial Espionage
The attack — consisting of three copies of malware sent to high-profile executives — only lasted four seconds. Its goal appeared to have been to access confidential information on the targeted computers.
The attack e-mails were sent from a Yahoo e-mail account that the attacker accessed via a mobile device CDMA link — an unusual permutation designed to hide one’s identity.
The vulnerability can corrupt a PC’s memory and allow the attacker to gather information about the target system. It then can run unauthorized software on that system. This system data is sent via e-mail to the perpetrator of the exploit, accordingto MessageLabs.
Industrial espionage has been a growing focus for hackers, said the firm. Over the past 18 months, it has been tracking three gangs of criminals involved in similar attacks. The latest Microsoft Word attack does not fit any of the known patterns, though, and is likely to be the work of a new group of criminals, said MessageLabs.
nCircle’s CTO Tim Keanini told TechNewsWorld that a virus has two very commonly used entry points to exploit: e-mail and being downloaded as a Word document from a Web site.
Users should take precautions with Word until Microsoft develops a patch, he advised.
Though reports indicate that only large companies have been targeted, it is possible that more systems have been infected and users either do not know it or have not reported it yet. “Large companies have domain expertise in this area and know when they are infected,” Keanini said.
Initial reports of at least one of Word’s vulnerabilities suggested there is a potentially large universe of victims.
The vulnerability affects Word 2000, 2002, 2003, Word Viewer 2003, Word 2004 for Mac, and Word 2004 Version X for Mac. The free applications in Microsoft Works — versions 2004, 2005 and 2006 — are also vulnerable.