Malware

Internet

See all Internet

IT

See all IT

Mobile Tech

See all Mobile Tech

Security

See all Security

Technology

See all Technology

Newsletters

See all Newsletters

New MS Word Vulnerability Targets Large Companies

Another zero-day vulnerability in Microsoft Word has been identified, MessageLabs reported on Tuesday.

The new, unannounced vulnerability was exploited in an e-mail attack aimed at a few large corporations, Alex Shipp, an engineer withMessageLabs, told TechNewsWorld.

Targeting Industrial Espionage

The attack — consisting of three copies of malware sent to high-profile executives — only lasted four seconds. Its goal appeared to have been to access confidential information on the targeted computers.

The attack e-mails were sent from a Yahoo e-mail account that the attacker accessed via a mobile device CDMA link — an unusual permutation designed to hide one’s identity.

The vulnerability can corrupt a PC’s memory and allow the attacker to gather information about the target system. It then can run unauthorized software on that system. This system data is sent via e-mail to the perpetrator of the exploit, accordingto MessageLabs.

Industrial espionage has been a growing focus for hackers, said the firm. Over the past 18 months, it has been tracking three gangs of criminals involved in similar attacks. The latest Microsoft Word attack does not fit any of the known patterns, though, and is likely to be the work of a new group of criminals, said MessageLabs.

Consumers Exempt?

nCircle’s CTO Tim Keanini told TechNewsWorld that a virus has two very commonly used entry points to exploit: e-mail and being downloaded as a Word document from a Web site.

Users should take precautions with Word until Microsoft develops a patch, he advised.

Though reports indicate that only large companies have been targeted, it is possible that more systems have been infected and users either do not know it or have not reported it yet. “Large companies have domain expertise in this area and know when they are infected,” Keanini said.

Initial reports of at least one of Word’s vulnerabilities suggested there is a potentially large universe of victims.

The vulnerability affects Word 2000, 2002, 2003, Word Viewer 2003, Word 2004 for Mac, and Word 2004 Version X for Mac. The free applications in Microsoft Works — versions 2004, 2005 and 2006 — are also vulnerable.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by Erika Morphy
view all
Quinn’s Crash Override Combats Cyberbullying
January 22, 2015
Texting Drivers Willing to Play With Fire
November 10, 2014
Take a Nano Pill and Call Google in the Morning?
November 3, 2014
Being Facebook Means Never Having to Say You’re Sorry
October 3, 2014
iPhone 6 Bendgate: The End of Tight Jeans?
September 24, 2014
Nextdoor Offers Digital Path to Neighborliness
August 25, 2014
Google Straps On Jetpac to Take Search to New Heights
August 19, 2014
Reading Rainbow Finds Pot of Gold
July 7, 2014
In ‘The Internet’s Own Boy,’ the Good Guy Doesn’t Win
June 27, 2014
Dems Push Net Neutrality Against the Odds
June 19, 2014
More in Malware
mobile app security
Mobile Security Firms Fortify Defenses as App Attacks Accelerate
February 5, 2024
tech industry trends for 2024
Rob Enderle’s Tech Forecast for 2024
December 11, 2023
scanning a QR code on a smartphone
Quishing Alert: Experts Advise Caution Before Scanning QR Codes
December 5, 2023
TV set-top box with remote control
Electronic Frontier Foundation Calls for FTC Action on Poisoned Set-Top Boxes
November 16, 2023
More Linux Malware Means More Linux Monitoring
September 15, 2023
passwordless computing
The Realities of Switching to a Passwordless Computing Future
September 5, 2023
IT Managers
Cyber Insurance Costs Rising, Coverages Shrinking: Report
August 29, 2023
computer programmers analyzing cybersecurity systems
HP Addresses Rising Security Threats Before an AI-Driven Wave of Pain
June 26, 2023
cybersecurity team in systems control room
AI ‘Hallucinations’ Can Become an Enterprise Security Nightmare
June 7, 2023
Russian hacker group
DOJ, Five Eyes Nations Unite To Dismantle Russian Cyber-Espionage Network
May 12, 2023

Your opinion on the TikTok controversy: ban, regulate, or maintain status quo?
Loading ... Loading ...

Technewsworld Channels

Applications

Applications

Courts, Regulators Pose Threat To Apple Services Revenue in 2024

Audio/Video

Audio/Video

OpenAI’s Sora, ElevenLabs, and the End of Video Media as We Know It

Chips

Chips

Business Buyer’s Guide for a Better PC Purchase

Computing

Computing

Google Joins Amazon, Microsoft With New Arm-based Data Center CPU, Axion

Cybersecurity

Cybersecurity

Proton Adds Passkey Support to Password Manager, Knocks Big Tech

Data Management

Data Management

The Realities of Switching to a Passwordless Computing Future

Developers

Developers

AI Will Have a Transformative Impact on Software Development in 2024

Emerging Tech

Emerging Tech

Elegoo’s Vision Is Shaping the Future of 3D Printing

Exclusives

Exclusives

More Linux Malware Means More Linux Monitoring

Gaming

Gaming

Next-Generation Wi-Fi 7 Standard Expected To Be Finalized in Early 2024

Hacking

Hacking

Hacker Nation: The World’s Third-Largest Economy

Hardware

Hardware

GTC 2024: The Brilliant Insanity of Nvidia’s CEO and Which AI Vendors Stood Out

Health

Health

SevaCare Blood Pressure Monitor Offers Affordable Home Health Assurance

Home Tech

Home Tech

Temu and Homary: Online Retailers That Are Generally a Good Value

How To

How To

Lunar Lobster Is Dead: How To Upgrade to Ubuntu 23.10 Mantic Minotaur

Internet of Things

Internet of Things

Paranoia in the Home: 1 in 3 Americans Worried About Their Smart Gadgets Being Hacked

IT Leadership

IT Leadership

HP Amplify Event’s Second Act Was Worth the Wait

Malware

Malware

Mobile Security Firms Fortify Defenses as App Attacks Accelerate

Mobile Apps

Mobile Apps

The DOJ’s Flabby Antitrust Lawsuit Against Apple

Operating Systems

Operating Systems

Qualcomm Chip Closing Performance Gap With Apple M3 in Leaked Benchmarks

Privacy

Privacy

Are Deepfakes Overblown?

Reviews

Reviews

The Orbi RBE973 Wi-Fi Router Really Is That Good

Science

Science

AI-Powered Software Offers Breakthrough for Treating Dyslexia

Search Tech

Search Tech

Affiliate Marketing Contributing to Substandard Search Results: Study

Servers

Servers

Disorganization, Not Cost, Fuels the IT E-Waste Crisis

Smartphones

Smartphones

Apple, Google Talks Could Bring Gemini AI to iPhone

Social Networking

Social Networking

Tech Coalition Launches Initiative To Crackdown on Nomadic Child Predators

Space

Space

Amazon’s Competitor to Musk’s Starlink Takes Critical Step Toward Deployment

Spotlight Features

Spotlight Features

Standout Tech Products of 2023

Tablets

Tablets

10 Products From CES 2024 That Set the Innovation Bar

Tech Buzz

Tech Buzz

Might Nvidia Be the First Company With an AI CEO?

Tech Law

Tech Law

Electronic Frontier Foundation Calls for FTC Action on Poisoned Set-Top Boxes

Transportation

Transportation

How AI Could Have Prevented the Key Bridge Collapse

Virtual Reality

Virtual Reality

Vision Pro Revives One-and-Done App Purchases

Wearable Tech

Wearable Tech

Apple Vision Pro Impressions: One Week Later

Women In Tech

Women In Tech

‘Women Don’t Play’ Confronts Gender Disparity in the Tech Industry

More from ECT News Network

E-Commerce Times

ConvertKit Newsletter Platform for Creators: From Passion to Profit
ConvertKit Newsletter Platform for Creators: From Passion to Profit
April 23, 2024
B2B E-Commerce: Key Reports Indicate Many Web Stores Broken
B2B E-Commerce: Key Reports Indicate Many Web Stores Broken
April 10, 2024
Beyond the Cart: UX Hits and Misses Can Make or Break a Virtual Storefront
Beyond the Cart: UX Hits and Misses Can Make or Break a Virtual Storefront
April 2, 2024

LinuxInsider

How To Connect via OpenVPN on Ubuntu
How To Connect via OpenVPN on Ubuntu
April 19, 2024
Best Record Yet for Open Source Use in Business Worldwide
Best Record Yet for Open Source Use in Business Worldwide
April 12, 2024
What To Do if Your Linux Server Has Been Hacked
What To Do if Your Linux Server Has Been Hacked
March 22, 2024

CRM Buyer

Bigeye’s Dependency-Driven Monitoring Boosts Reliability of CRM Data
Bigeye’s Dependency-Driven Monitoring Boosts Reliability of CRM Data
April 15, 2024
AI-Human Collaboration and the Future of Customer Service
AI-Human Collaboration and the Future of Customer Service
April 4, 2024
Salesforce Enhances Field Service
Salesforce Enhances Field Service
March 21, 2024