Join our Mailing List

"I believe that to meet the challenges of our times, human beings will have to develop a greater sense of universal responsibility. It is the foundation for world peace."

New Word attacks pose as news about Tibet

January 31, 2008

Gregg Keizer

January 29, 2008 (Computerworld) New attacks using rigged Microsoft Word
documents have been launched, a security company said today as it warned
users to be leery of mail touting news about Tibet.

Phony e-mails purporting to contain news about Tibet and its government
in exile are making the rounds, according to Trend Micro Inc., which
explained that the messages carry attachments that are malformed Word
documents designed to exploit a vulnerability in parsing the popular
word processing system's file format.

When opened, the malicious documents deposit a Trojan horse on the
victim's Windows PC, said Trend Micro in a post to its security blog.

Trend Micro said the names on the fake Word documents include the following:

     * 2007-07 DRAFT Tibetan MP London schedule.doc
     * Disapppeared [sic] in Tibet.doc

Another security firm, Symantec Corp., confirmed the new attacks but
said that it has received only "a small number" of submissions from
customers regarding the exploit.

"This social engineering technique has been seen before," said Trend
Micro researcher Jake Soriano on the TrendLabs Malware blog. "In
October, a Trojan rode on the newsworthiness of the monk-led protests in
Myanmar ... arriving as an attachment to spam [that] purported to be a
message of support from the Dalai Lama to the monks."

Symantec repeated the long-standing advice that users consider banning
Office documents that originate from unknown senders and exercise
caution in dealing with unsolicited e-mails, particularly those with

Microsoft Corp. has patched Word several times in the past two years --
most recently in May 2007, when it holes in the way the application
handles documents. The company has also been promoting its newest
suites, Office 2007 for Windows and Office 2008 for Mac, as being more
secure on the file format front than their predecessors, and it has
locked down Office 2003 by limiting the number of formats users can open.
CTC National Office 1425 René-Lévesque Blvd West, 3rd Floor, Montréal, Québec, Canada, H3G 1T7
T: (514) 487-0665
Developed by plank