Backdoor Worm Targets Vulnerability in Microsoft Word

By | September 8, 2006

New variant of a Trojan Downloader is actively exploiting a recently found vulnerability in Microsoft Word 2000, informs Security Experts at MicroWorld Technologies. The malware infection is caused when the victim opens an infected Word 2000 file in Windows 2000.

The flaw is associated with a forced Memory Corruption error in the text editing software. A Trojan Dropper named ´Win32.Mdropper´ exploits this vulnerability when you download and open a specially crafted Word file carrying this malware, and proceeds to drop ´Worm.Mofeir´, a network worm with Backdoor capabilities.

Worm.Mofeir then opens a backdoor channel to contact the remote attacker. Using the backdoor, the intruder can open a terminal access to the system, download code from the Internet and run, send and delete files.

Dinesh Shah, Product Manager at MicroWorld, says there was a similar attack in May 2006, by a Backdoor named Ginwui.A via MS Word files and more recently another one called Win32.Papi that found its way to user computers through Japanese text editing application Ichitaro. He urges computer users not to open MS Word files from unknown senders until Microsoft releases a patch for the flaw, as there can be fresher attacks targeting it.

Leave a Reply