/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsEW DELHI, INDIA: While China hosts the 2008 Summer Olympics in the capital of Beijing from August 8 to August 24, 2008, malware authors are busy mounting attacks that play on this quadrennial sporting event, warns Trend Micro, India’s #1 security solutions company.
Reports have surfaced about a zero-day MS Word vulnerability affecting Microsoft Word 2000, 2002, and 2003. It is said to affect even patched versions of the popular word-processing application on certain MS Office versions.
Says Niraj Kaushik, Country Manager – India & SAARC, Trend Micro, “When exploited, the unspecified remote code-execution vulnerability could allow remote attackers to take complete control of an affected system, or cause the application to crash.”
Experts at Trend Micro’s TrendLabs have confirmed that there are malicious .DOC files spreading in the wild. They have also observed that these malicious files use the hugely popular Olympics to get more users to click on them. The samples that TrendLabs has come across are detected as TROJ_MDROPPER.ZT.
These files are zero-day exploits under vulnerability summary CVE-2008-2244 under the Common Vulnerabilities & Exposures (CVE) List of the National Cyber Security Division of the US Department of Homeland Security.
Warns Kaushik, “Among others, if you receive any email that has an attachment file named attachment .doc, appeal_letter_of_fttj.doc, attend_the_opening_ceremony_of_the_29th_olympic_games_in_beijing.doc, five_resolutions.doc, or lingotto_con_fiat.doc, be warned that opening it may make your computer vulnerable to attack. Besides TrendLabs has also reported Trojan samples of .XLS and .PPT circulating, all drawing correlation to the ongoing Olympics and the Tibet conflict.
The conflict relates to the Olympics as it has spurred pro-Tibetan parties to call for an Olympic boycott.” Trend Micro detects the malicious Excel file as TROJ_MDROPPER.ZY, and the PowerPoint file as TROJ_PPDROP.M. Unlike the Word file malware, these Excel and PowerPoint files are not confirmed to have zero-day vulnerabilities as yet.
Unless the users are aware of this threat vulnerability, the impact may be enormous, suggests Mr. Kaushik, “The Olympics event having such a big fan-following, the potential of people unknowingly getting lured into opening such Trojanized files is huge.
With 10, 708 athletes competing in 28 sports for 302 gold medals, the Olympics is the most prestigious affair of its kind, and as such commands a worldwide audience. It is thus expected that it will be included in malicious users’ arsenal of social engineering techniques.”
However, the threat by this Olympics malware can be contained, assures Kaushik, “Trend Micro Smart Protection Network has already got Trend Micro customers covered by blocking this threat. We urge Non-Trend Micro to beware of this particular attack and to use appropriate protection.”