Word flaw turns PC into zombie

Hi malware fighters,

Only eight days passed since Microsoft patched a serious security hole in Visual Basic for Applications, and now a Trjan Horse appeared that uses this vulnerability. Trojan.Mdropper.N is a Trojan that is beings sent as a Word document like “syosetu.doc” , and via a “Document Check Buffer Overflow” in Visual Basic for Applications tries to put a file in system.

This file is a backdoor by the name of Backdoor.Tuimer, enabling the attacker to completely control the infected machine. This zombie than can be used to forward spam for instance.

According to Internet Storm Center the malware is only detected by a few virusscanners:

W97M/ProjMod!exploit (eTrust-Vet),

W32/Bgent.ZE!tr (Fortinet ),

Exploit-OleModule (McAfee),

Exploit:Win32/Ponaml.gen (Microsoft),

Trojan.Mdropper (Symantec),

TROJ_MDROPPER.BK (TrendMicro).

When does Avast detect this malware?

polonus

You’ve got the point… They’re improving but we’re hungry for the best 8)
Hope we can see it in the VPS history tomorrow…

Only eight days passed since Microsoft patched a serious security hole in Visual Basic for Applications, and now a Trjan Horse appeared that uses this vulnerability.
If your system is up-to-date, you don't have to worry about it. :)