Trojan.Mdropper.Q / Email Attachment Practices / Word 2000 0-day
Thanks to frequent reader Juha-Matti Laurio for sending us a note about Trojan.Mdropper.Q and the previously undiscovered Microsoft Word 2000 vulnerability that comes with it. Trojan.Mdropper.Q activates when a file containing it is opened, and then installs a backdoor on the machine. Fortunately, as with most Office vulnerabilities, a user has to actually open the file before the trojan can be activated. Generally my advice to users is not to open files that they are not expecting, even if they know the person that sent the file, but this one has made me curious: what do other system admins recommend to their users? Do you have a policy on email attachments? Is this policy automatically enforced?
Update #1
It appears Symantec has updated their site to include the size of the Trojan: 79,265 bytes. Happy Antivirus updating!
Update #2
Juha-Matti writes to tell us that Securiteam has posted an entry about this vulnerability on their blog. Check out their post here. McAfee is calling this one W32/MoFei.worm.dr, and has a writeup about the Trojan here. It is still unknown which vulnerability this is exploiting.
Update #3
Microsoft published some news about the "0-day" in MS Word here. They offer two pieces of advice.
1) Don't open Word files from people you don't know. (This goes back to not eating candy until your parents look at it at Halloween, and not opening the door for strangers.)
2) Use Word 'viewer'.
Of course Microsoft publishes great "Suggested Actions".
Protect your PC by enabling a firewall (which, btw, does not keep Word files out).
In fact, one of Microsoft's suggested actions is: "Keep Windows Updated"... we'd love to, if there was a fix for the problem!
Let's hope they get it patched as soon as possible.
Media sanitization NIST website
Yesterday's Diary had an article on Media Sanitization that linked to NIST guidelines, questioning conventional wisdom with regard to media sanitization policies. Yesterday, NIST was having a few problems with their web server, but the guidelines are now back online for your viewing pleasure.