Security Hole in Microsoft Word Threatens Millions
By Erika Morphy
TechNewsWorld
12/07/06 4:41 PM PT
How Big?
As Microsoft is releasing little data, the scope of the problem is unclear. As few as 300,000 users out of a potential universe of millions have sufficient firewall and antivirus defenses in place to protect against incursions, estimates Ryan Sherstobitoff, product technology officer for Panda Software.

Even though the flaw is widespread in terms of the number of products affected, the impact is not likely to be on the scale of a Blaster or Slammer worm, Randy Abrams, director of technical education at ESET, told TechNewsWorld. In those cases, code was executed without user interaction.

"This is really more of an incident that should be used to remind people to be cautious in handling attachments, rather than a high-profile threat," he said.
Standard Precautions
Until a patch is released, Microsoft and security experts are cautioning users not to open unexpected documents, especially those from unknown sources.

"Users, home and corporate, need to understand that even if an e-mail appears to come from someone they know, it may not have actually been sent by that person," Abrams warned. "Attachments that are not asked for or expected should not be opened prior to confirming with the sender that they actually did send the attachment and why."

The primary consumer attack vectors will likely be documents sent to people that claim to contain user names and passwords for porn sites; lists of activation codes for desirable software; information about a consumer's bank, stock or other financial account; pictures of celebrities; or jokes, Abrams said.
"History has taught us that these are highly successful social engineering tactics," he observed. "The fact that Word documents are very commonly exchanged makes this vulnerability of concern. However, other means of tricking users into installing malicious software are effective enough that malware writers may not see a need to expend energy on an attack that is likely to gain only marginal returns."
More Mac users than usual might fall victim, since this user group is unaccustomed to malware and may not be as vigilant, Sherstobitoff told TechNewsWorld, noting that it is generally unusual for Mac software to be affected.

"It is more difficult to run arbitrary code on the Mac's underlying kernel than it is with a Windows OS," he pointed out.
Corporations at Risk
Even though corporations are better prepared than individual users for online malware, their systems may be at greater risk for attack, said Abrams.

"For financially motivated attackers, it is not important to be able to exploit a million machines. Simply compromising one machine on a network can be enough to gain access to proprietary corporate information. It is likely that this will be a small, but costly, attack vector," he predicted.