Hi malware fighters,
Only eight days have passed since Microsoft patched a serious security hole in Visual Basic for Applications, and now a Trojan horse has appeared that uses this vulnerability. Trojan.Mdropper.N is a Trojan that is being sent as a Word document like “syosetu.doc”, and via a “Document Check Buffer Overflow” in Visual Basic for Applications tries to put a file on the system.
This file is a backdoor by the name of Backdoor.Tuimer, enabling the attacker to completely control the infected machine. This zombie can then be used to forward spam, for instance.
According to the Internet Storm Center, the malware is only detected by a few virus scanners:
W97M/ProjMod!exploit (eTrust-Vet),
W32/Bgent.ZE!tr (Fortinet),
Exploit-OleModule (McAfee),
Exploit:Win32/Ponaml.gen (Microsoft),
Trojan.Mdropper (Symantec),
TROJ_MDROPPER.BK (TrendMicro).
When does Avast detect this malware?
polonus