Alert Raised For Ms Word Zero-day Attack

[stumonster]

A zero-day flaw in the ubiquitous Microsoft Word software program is being used in an active exploit by sophisticated hackers in China and Taiwan, according to warnings from anti-virus researchers.

Symantec's DeepSight Threat Analyst Team has escalated its ThreatCon level after confirming the unpatched vulnerability is being used "against select targets."

The exploit arrives as an ordinary Microsoft Word document attachment to an e-mail. However, when the document is launched by the user the vulnerability is triggered to drop a backdoor with rootkit features to mask itself from anti-virus scanners.

The SANS ISC (Internet Storm Center) said in a diary entry that it received reports of the exploit from an unnamed organization that was targeted. "The e-mail was written to look like an internal e-mail, including signature. It was addressed by name to the intended victim and not detected by the anti-virus software," said Chris Carboni, an ISC

article continued here ( http://www.eweek.com/article2/0,1895,1965042,00.asp )

also please think about this when you go to forward emails that are supposed to be funny etc. ( especially the power point files with the file extension .pps )

understand that when your computer has had a rootkit installed ( your box has been rooted ) it is very difficult to be able to trust it until it has been fully wiped , and rootkits are becoming more common.

[Totster]

( your box has been rooted )

totster