Trend Micro's TrendLabs Identify Malicious Files Spreading in the Run-Up to the Beijing Olympics 2008
Trend Micro's TrendLabs have confirmed that malicious .DOC files have been spreading in the lead-up to the Beijing Olympics next month. According to Trend Micro's official TrendLabs Malware Blog, malware authors are busy mounting attacks that play on the sporting event.
Reports have surfaced of a zero-day vulnerability in Microsoft Word 2000, 2002, and 2003 that is said to affect even patched versions of the popular word-processing application on certain MS Office versions. When exploited, the unspecified remote code-execution vulnerability could allow remote attackers to take complete control of an affected system or cause the application to crash.
TrendLabs experts confirm that these files are spreading in the wild, and observe that they use the imminent Olympics to get more users to click on them.
The samples that TrendLabs has come across are detected as TROJ_MDROPPER.ZT and have the following file names:
- attachment.doc
- appeal_letter_of_fttj.doc
- attend_the_opening_ceremony_of_the_29th_olympic_games_in_beijing.doc
- five_resolutions.doc
- lingotto_con_fiat.doc
These files exploit the zero-day vulnerability tracked as CVE-2008-2244.
TrendLabs has seen more than just trojanized Word files: trojanized .XLS and .PPT samples are also circulating, all themed around the Olympics and the Tibet conflict. The conflict relates to the Olympics because it has spurred pro-Tibetan parties to call for an Olympic boycott.
Trend Micro detects the malicious Excel file as TROJ_MDROPPER.ZY and the PowerPoint file as TROJ_PPDROP.M. However, it is important to note that these files have not yet been confirmed to exploit zero-day vulnerabilities.
With 10,500 athletes expected to compete in 28 sports, the Olympics is the most prestigious affair of its kind, and as such commands a worldwide audience. It is thus expected that it will be included in malicious users' arsenal of social engineering techniques.
Trend Micro Smart Protection Network protects Trend Micro customers by blocking this threat, but we would advise users to also be extra careful online. We also urge non-Trend Micro users to beware of this particular attack and to ensure appropriate protection for their data and files.
Reproduced from an article published by HardwareZone
© HardwareZone
The original article can be viewed here:
http://www.hardwarezone.com/news/view.php?id=11211&cid=5





