Spammers and scammers have already used the public's fear and curiosity about the avian flu to spread their schemes, but now hackers have turned to the trick, a security company warned Thursday.
A new Trojan horse, dubbed "Navia.a" by Panda Software, uses subject heads of "Outbreak in North America" and "What is avian influenza (bird flu)?" to dupe recipients into opening an attached Microsoft Word document.
That's when Navia.a goes old school: the Word document is infected with malicious macros.
One of the macros makes several Windows kernel calls to allow the Trojan to create, change, or delete files, while the second installs "Ranky.fy," another Trojan that opens a back door to the PC.
“Unfortunately, we were expecting something like this," said Luis Corrons, director of Panda's research, in a statement. "This is not the first time, and won't be the last, that writers of malicious code have taken advantage of people's misfortune and anxieties to spread their Trojans and worms."
Word macro threats were once among the most visible, and most dangerous, but have fallen out of fashion. The most infamous macro threat was the Melissa virus of 1999, which debuted a propagation technique -- grabbing e-mail addresses from Microsoft Outlook -- that's still used by most mass-mailed worms and viruses.
To protect against a macro-based exploit, Word users should make sure that the macro security level is set at "Medium," which triggers a warning when a Word document containing one or macros is opened, or "High," to disable macros entirely.
In Word 2003, the setting is under the Tools menu, in the Macro/Security item.
|
Symantec's Code Red: The Law Enforcement/Anonymous E-Mail Exchange Law enforcement officials negotiated via e-mail for more than two weeks with an Anonymous group member trying to extort $50,000 from Symantec to keep stolen product code off the Internet. |
|
How To Sell IT Security Services To Your Customers Cyberattacks can cost a business thousands, even millions, of dollars, and can deal a death blow to some. Here's how IT solution providers can help guard against malicious attacks. |
|
Cybersecurity Experts: What They Know Could Scare You A recent report based on interviews with security experts in government, business and academia finds more than half in agreement that a worldwide arms race is taking place in cyberspace. |
 More
Slide Shows |
- Insider Threats: The Next Frontier for Security Resellers and SMBs
- Complete Security and Your Bottom Line: Sophos, Value and the Channel
- Tough Threats, Tougher Security: How You Can Leverage New Solutions To Combat A “Targeted Attack” Landscape
- Dark Clouds Ahead: Why the Mid-Market Needs To Ramp Up Cloud Security and How You Can Help Them Get There
