The Internet Storm Center is reporting a new zero day vulnerability in Microsoft Word. We don’t yet know if the exploit is being widely used. However, early reports indicate a limited, targeted, attack.
Malware which spreads via email is exploiting the vulnerability as a specially crafted MS-Word .DOC attachment.
If the attachment is launched, this triggers a process which results in a backdoor being installed.
We know of a case where the attacker designed the email to fool the recipient into thinking the message was from a co-worker. At the moment, we’re only aware of one business, and maybe 5-10 people within that business, who have been targeted. Yes, it’s a new vulnerability, and new malware targeting that vulnerability, but as far as we know, it’s not being widely exploited at the moment.
We’ve released detection for the malware, a dropper and backdoor. As ever, users should update their databases as soon as possible. Kaspersky products will detect the dropper as Trojan-Dropper.MSWord.1Table.bd, and the backdoor as Backdoor.Win32.Gusi.a.
We’ll post more information once we’ve conducted a detailed analysis.