Malware creators cash on Olympic lovers

By siliconindia   |   Wednesday, 20 August 2008, 16:25 IST
Printer Print Email Email
Bangalore: Next time an Olympic invitation blinks on the system, its better to shun the urge to click, as it can be a malware. As Trend Micro, an internet security solution provider warns, these malicious files are designed targeting the Olympic lovers, whereby it attacks the MS Word, MS PowerPoint and MS Excel and allows hackers in remote corners to have a complete control over the affected system. The MS Word malware has a zero-day vulnerability as it immediately crashes the Microsoft Word 2000, 2002 and 2003 without sparing even its patched versions. These .DOC files are detected to be TROJ_MDROPPER.ZT. These files are zero-day exploits under vulnerability summary CVE-2008-2244 under the Common Vulnerabilities and Exposures (CVE) List of the U.S. Department of Homeland Security's US National Cyber Security Division. However, the Excel files and PowerPoint files, which are revealed to be TROJ_MDROPPER.ZY and TROJ_PPDROP.M, are yet not confirmed having zero-day vulnerability. According to Niraj Kaushik, Country Manager, India and SAARC, Trend Micro, "When exploited, the unspecified remote code-execution vulnerability could cause the application to crash." The email that is used for the attack contains attachments named attachment.doc, appeal_letter_of_fttj.doc,attend_the_opening_ceremony_of_the_29th_olympic_games_in_beijing.doc, five_resolutions.doc, or lingotto_con_fiat.doc.