Bird Flu Trojan Poses Danger To Word Users
A new Trojan horse, dubbed "Navia.a" by Panda Software, uses subject heads of "Outbreak in North America" and "What is avian influenza (bird flu)?" to dupe recipients into opening an attached Microsoft Word document.
That's when Navia.a goes old school: the Word document is infected with malicious macros.
One of the macros makes several Windows kernel calls to allow the Trojan to create, change, or delete files, while the second installs "Ranky.fy," another Trojan that opens a back door to the PC.
“Unfortunately, we were expecting something like this," said Luis Corrons, director of Panda's research, in a statement. "This is not the first time, and won't be the last, that writers of malicious code have taken advantage of people's misfortune and anxieties to spread their Trojans and worms."
Word macro threats were once among the most visible, and most dangerous, but have fallen out of fashion. The most infamous macro threat was the Melissa virus of 1999, which debuted a propagation technique -- grabbing e-mail addresses from Microsoft Outlook -- that's still used by most mass-mailed worms and viruses.
To protect against a macro-based exploit, Word users should make sure that the macro security level is set at "Medium," which triggers a warning when a Word document containing one or macros is opened, or "High," to disable macros entirely.
In Word 2003, the setting is under the Tools menu, in the Macro/Security item.