It's not often we hear of flaws in Microsoft Word with all the IE attacks dominating the MS flaw scene. MicroWorld Technologies has identified a new vulnerability affecting Word XP and 2003. It is being used in a zero-day attack as a combination of a Trojan and a backdoor.
Named "Trojan-Dropper.MSWord.1Table.bd", it spreads via targeted e-mails, reportedly originating in China and Taiwan, and slips onto the user's computer once an attachment is opened.
This backdoor opens a channel connecting the user's PC to the attacker, which receives and executes commands. With its rootkit capability, this backdoor can smartly hide itself too.
This flaw has already been identified by MS, which will be releasing a patch soon. In the meantime, users are urged not to open any unknown attachment and to run Windows in safe mode.
As the worm turns
A new worm spreads through Yahoo Messenger contacts, prompting users to visit a bogus site through Internet Explorer, resulting in the installation of spyware on their machines. The worm, labelled yhoo32.explr, confuses the user by installing a program named "Safety Browser" and using the IE icon.
This worm is said to be the first recorded instance of malware installing its own Web browser on a PC without the user's permission.
Spammers stymied
Ilva Pieterse, ITWeb contributor
Credit card fraudsters have formulated a way to get money out of sponsors of junk mail campaigns. They have been signing up as affiliates to bulk mail campaigns, but instead of sending out the mail, they are using stolen credit cards to make purchases from the sponsors, such as online pharmacies.
The card fraudster then claims back between 40% and 50% of the "sales" generated, getting off scot-free.
The spam mail sponsors are the ones who lose out due to chargebacks. Although it may seem their sales are going through the roof initially, once the purchases are identified as fraudulent, the sponsor has to pay high merchant fees and stands the chance of being identified as a dubious business.
MSN Billing Phisher
A US man, termed the MSN Billing Phisher (Jayson Harris), has been jailed for 21 months. This comes after he was identified by the FBI for running a phishing Web site between January 2003 and June 2004.
The Iowa man had been sending e-mails to MSN subscribers which attempted to trick them into surrendering their personal details.
Although it's unlikely he made any money out of the scam, since he only tried to make use of three sets of credit card details, Harris was also ordered to pay $57 000 to cover the cost incurred during the investigation of the case.
Sources used: SearchSecurity, The Register, MicroWorld Technologies