Now Microsoft Word users need to be extra careful while downloading files, as hackers have already targeted Microsoft Word 2003 exploiting zero-day vulnerabilities with a new Trojan horse named "Trojan.Mdropper.H".
Symantec, the leading desktop security vendor, has issued an alert on its home page regarding the vulnerability, asking users to be extra careful while opening any Word document received either by email or any other means. According to Symantec, opening an email attachment which appears to be a Word document actually opens the latest Trojan horse virus program, giving hackers access to users' PCs. When the document is opened by users, it triggers the vulnerability.
According to Symantec the attack originated in Asia, and now it appears that the attacks are targeted at large organizations but there could be a change in strategy.
Johannes Ullrish, chief technical officer, SANS Internet Storm Center, said that the attackers behind the latest Trojan horse might be operating out of China or Taiwan. The researchers have found Chinese characters in the malicious Word document, and the servers associated with the attack have been traced back to these countries.
The seriousness of the attack has been compounded by Microsoft's declaration that the company might require over three weeks to fix the vulnerability.
A Trojan horse does not make a copy of the virus or spread through the Internet like other viruses; it is directly distributed - often in the guise of useful and attractive downloads.
Vincent Weafer, senior director, Symantec Security Response, said that the targeted attack can bypass spam filters, and that Symantec's antivirus software is not as yet capable of detecting the particular Word file that is malicious. Symantec is looking at the vulnerability in terms of generic blocking.
To avoid this type of attack, Symantec recommends companies to limit users' privileges, and monitor outbound traffic. It also suggests companies to quarantine all the attachments for six to 12 hours, which will give the antivirus vendors the time to catch up with new threats.
Microsoft has committed to come up with a fix earliest by June 13, which still hackers a lot of time to hit vulnerable targets.