ZDNet UK


Word flaw opens door to Trojan horse

Robert Lemos, ZDNet.com ZDNet US

Published: 15 Jun 2001 08:31 BST


A month-old flaw in Microsoft Word has opened up PCs to attack by a new Trojan horse, antivirus researchers said on Thursday.

Dubbed "Goga," the malicious code poses as a Word document saved in rich text format but actually reaches through the Net to run a Word macro -- a small program that runs within the application -- saved on a Russian Web site.

"While this is not a danger to the general public, it could be a danger to somebody if there is a direct mailing to them," said Jimmy Kuo, a researcher at security software maker Network Associates.

The Trojan horse appears as a text file in the rich text format, or RTF, attached to an e-mail, according to British antivirus software company Kaspersky Labs, which first found the malicious program.

When opened, the RTF file will link back to a Word template file on a Russian Web site. The file contains a macro, which will steal and upload information regarding the victim's log-in and password to the guest book of a second site. An investigation of that site found only one record of any information, indicating the Trojan horse is not widespread.

By using a macro saved in a template hosted on another computer, the Trojan horse is able to fool Windows into letting the macro run, rather than flagging it as potentially dangerous code.

Outlined in a Microsoft advisory a month ago, the technique bypasses normal Windows security against such malicious programs.
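A mail gateway or triage script can check for the behaviour described above by flagging RTF attachments whose template reference points to another host. The following is an added example, not code from the article or from any vendor it names; it assumes the link is carried in the RTF `\template` destination, which the article does not specify, and the sample documents and host names are constructed.

```python
import re

# RTF names an attached template in the {\*\template <target>} destination.
TEMPLATE_RE = re.compile(rb"\{\\\*\\template(?![a-z])\s*((?:[^{}\\]|\\.)*)\}")
# RTF escapes that can appear in the target: \uN (+fallback), \'hh, \\ \{ \}
ESC_RE = re.compile(
    r"\\u(-?\d+) ?(?:\\'[0-9a-fA-F]{2}|[^\\])?|\\'([0-9a-fA-F]{2})|\\([\\{}])"
)
# A URL scheme or a UNC path means the template is fetched from another host.
REMOTE_RE = re.compile(r"(?:[a-z][a-z0-9+.-]*://|\\\\)", re.IGNORECASE)


def _unescape(m: re.Match) -> str:
    """Turn one RTF escape sequence back into the character it stands for."""
    if m.group(1) is not None:          # \uN: signed 16-bit code unit
        return chr(int(m.group(1)) % 0x10000)
    if m.group(2) is not None:          # \'hh: one byte in the ANSI code page
        return bytes.fromhex(m.group(2)).decode("cp1252", "replace")
    return m.group(3)                   # \\ \{ \}: the literal character


def remote_templates(rtf: bytes) -> list[str]:
    """Return every template target in the RTF that is not a local path."""
    hits = []
    for m in TEMPLATE_RE.finditer(rtf):
        target = ESC_RE.sub(_unescape, m.group(1).decode("latin-1")).strip()
        if REMOTE_RE.match(target):
            hits.append(target)
    return hits


# Constructed sample documents (host names are placeholders).
SAMPLE_HTTP = rb"{\rtf1\ansi{\*\template http://templates.example.test/report.dot}\f0 Report\par}"
SAMPLE_UNC = rb"{\rtf1\ansi{\*\template \\\\files.example.test\\share\\t.dot}\f0 Memo\par}"
SAMPLE_LOCAL = rb"{\rtf1\ansi{\*\template C:\\Templates\\Normal.dot}\f0 Hello\par}"

if __name__ == "__main__":
    for name, doc in [("http", SAMPLE_HTTP), ("unc", SAMPLE_UNC), ("local", SAMPLE_LOCAL)]:
        found = remote_templates(doc)
        print(name, "QUARANTINE" if found else "ok", found)
```

The target is unescaped before classification so that a reference written with RTF character escapes is judged on the path Word would actually resolve.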

"Normally, you could hit someone very easily only if their security settings were low," Kuo said. "By using this technique, you can bypass the security level."

Kuo stressed that Goga doesn't appear to be a worm or a virus, as it doesn't spread from computer to computer. He added, however, that the code does show that consumers can't trust attachments.

"There is no safe way to assume what" an e-mail attachment really is, he said.
