Watch the Exploit: A Targeted Attack Video
<p>We've been getting a lot of requests from people asking what it looks like when your computer is compromised by one of these <em>very limited targeted attacks</em> that involve any of the recent MS Word zero-day vulnerabilities. A targeted attack begins with an incoming email that has a .DOC file attached, a very common event that happens to almost everyone every day. The email sender looks legitimate (it's spoofed of course!) and the document name is selected to appeal to the recipient. For example, if the targeted user is an accountant, then the document would look like a tax certificate or an invoice. For members of governments, it could appear to be an important communication from a Minister. For finance brokers, a stocks analysis and so on...</p>
<p>Targeted attacks are not intended for the masses, so we're never going to see the usual "Very exciting greeting postcard.exe" attached to those emails. But the big question is: what happens when someone opens the malicious MS Word file? Usually, users don't see much happen and that is the point of these targeted attacks! Nevertheless, here is an interesting <a href="http://www.youtube.com/watch?v=x1OF1BH0HhM">video</a> of a machine being compromised by the latest unpatched zero-day vulnerability related to MS Word 2000 (<strong>CVE-2007-0515</strong>) and exploited by <strong>Trojan.Mdropper.W</strong>.</p>
<p><a href="http://www.youtube.com/watch?v=x1OF1BH0HhM"><img alt="attackvideo.jpg" src="http://www.symantec.com/enterprise/security_response/weblog/upload/2007/01/attackvideo.jpg" width="370" height="292" /></a></p>
<p>The vulnerability is exploited with no crash of MS Word, but within a few seconds the shellcode drops an executable and opens a clean legitimate document (with some real content) that deceives the user. The only thing that "smart" users can notice is a kind of "flickering" of MS Word. This is because the malicious code has to terminate and then re-execute the MS Word application with the new clean .DOC. This "flickering" happens very quickly and is more clearly demonstrated on the <a href="http://www.youtube.com/watch?v=x1OF1BH0HhM">video</a> mentioned above. To protect yourself, you should apply all the latest patches for Office and be extremely careful with documents received by email since there are now four unpatched vulnerabilities for MS Word!</p>
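<p>An added example, not part of the original post or any Symantec tooling: a small correlation over endpoint process and file events for the behaviour described above, a Word process that writes an executable, exits, and is relaunched within seconds on a different document. The event fields, the 10-second window and the sample events are assumptions constructed for illustration.</p>

```python
from dataclasses import dataclass

EXEC_EXT = (".exe", ".dll", ".scr")
WINDOW = 10.0  # seconds between Word exit and relaunch; assumed, tune locally

@dataclass
class Event:
    ts: float      # seconds since start of capture
    kind: str      # "start", "write" or "exit"
    pid: int
    image: str     # process image path
    arg: str = ""  # opened document ("start") or written file ("write")

def find_drop_and_relaunch(events, window=WINDOW):
    """Flag Word sessions that wrote an executable, exited, and were followed
    within `window` seconds by a new Word process opening a different document."""
    live, ended, findings = {}, [], []
    for ev in sorted(events, key=lambda e: e.ts):
        if not ev.image.lower().endswith("winword.exe"):
            continue
        if ev.kind == "start":
            for old in list(ended):
                if ev.ts - old["exit"] > window:
                    ended.remove(old)  # too old to count as a relaunch
                elif old["drops"] and ev.arg.lower() != old["doc"].lower():
                    findings.append({"lure": old["doc"], "dropped": old["drops"],
                                     "decoy": ev.arg, "gap": ev.ts - old["exit"]})
                    ended.remove(old)
            live[ev.pid] = {"doc": ev.arg, "drops": []}
        elif ev.kind == "write" and ev.pid in live:
            if ev.arg.lower().endswith(EXEC_EXT):
                live[ev.pid]["drops"].append(ev.arg)
        elif ev.kind == "exit" and ev.pid in live:
            ended.append({**live.pop(ev.pid), "exit": ev.ts})
    return findings

W = r"C:\Program Files\Microsoft Office\Office\WINWORD.EXE"
# Constructed sample events, not taken from the video or any real incident.
SAMPLE = [
    Event(0.0, "start", 100, W, r"C:\Mail\invoice.doc"),
    Event(2.1, "write", 100, W, r"C:\Temp\dropped_sample.exe"),
    Event(2.4, "exit", 100, W),
    Event(2.9, "start", 200, W, r"C:\Temp\invoice_clean.doc"),
    # Benign: user saves and closes one document, then opens another.
    Event(60.0, "start", 300, W, r"C:\Docs\report.doc"),
    Event(65.0, "write", 300, W, r"C:\Docs\report.doc"),
    Event(70.0, "exit", 300, W),
    Event(71.0, "start", 400, W, r"C:\Docs\notes.doc"),
]
```

<p>On the sample data, <code>find_drop_and_relaunch(SAMPLE)</code> returns a single finding for the invoice session; the save-and-reopen sequence is not flagged.</p>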
http://www.symantec.com/enterprise/security_response/weblog/2007/01/watch_the_exploit_a_targeted_a.html
Wed, 31 Jan 2007 05:30:13 -0800