Microsoft Word flaw exploited by Chinese cyberattackers
Friday, April 24, 2009
Researchers from a Vietnamese network security firm have reported that hackers based in China have begun to exploit unpatched flaws in Microsoft Word to take control of PCs, according to Computerworld.com.
The researchers said rigged Word documents circulating as email attachments exploit one of the eight Word flaws fixed by Microsoft's December 2008 patch package. Vulnerable programs include Word 2000, 2003 and 2007 for Windows and Word 2004 and 2008 for the Mac, which were fixed by the December update.
When a use opens the corrupted .doc attachment, the attack code executes successfully on machines with an unpatched copy of Word 2003. The malware uploads a Trojan on the user's PC for stealing information, Computerworld reported.
The researchers said evidence points to Chinese hackers being responsible for the attacks - the malware is connected to a server with the domain name registered in China and the malicious emails have a Chinese charset, reported Computerworld.
Security experts have grown increasingly worried about the threat from Chinese hackers, who are suspected of recent attacks on U.S. Department of Defense networks.

Related News:
Network security update not responsible for crashes - 2.24.2010 Reports of the so-called "blue screen of death" following the installation of the latest Microsoft security update are the result of malware, not a defect in the update.
Botnets and Chuck Norris take aim at network security - 2.22.2010 Last week, word spread of the Kneber botnet compromising more than 2,000 computers worldwide. With the start of a new week comes more malware attacks plaguing the web community. The so-called "Chuck Norris" botnet is attacking routers and DSL modems by guessing commonly used passwords.
Web security company warns of scareware's risk - 2.19.2010 The rise in scareware attacks and cyber criminal behavior in general forced DynaSis, an IT services company, to issue a warning to its users about the threat of fake anti-virus software infecting their computers on Friday.
Age-old trick with brand-new target - 1.18.2010 Cyber criminals have turned to a scam from the early days of the internet to target the growing smartphone market: Trojan phone dialers.
Report: 'At least 34' firms attacked at the same time as Google - 1.15.2010 The Washington Post asserts that many U.S. companies were targeted in the same network security and email breach that affected Google and provoked the company's highly publicized spat with the Chinese government.
|