Several anti-virus companies have identified a new unspecified attack against Microsoft Word. It is currently being to drop a backdoor trojan onto the target. Once infected the computer attempts to connect to a server in China (localhost.3322.org).
Symantec has tagged the new backdoor as Backdoor.Ginwui. Norton detects the dropped trojan as Trojan.Mdropper.H - but this is expected to change in my view. This dropped trojan could be replaced in the future with a new altered trojan that is not detected.
Some people are using the term 0-day, but until more information is known, I don't want to use that.
Remember that Microsoft patched several Office remote code execution bugs in MS06-012.
No comments:
Post a Comment