Exploit-MSWord.c

This page shows the details and results of our analysis of the malware Exploit-MSWord.c.

Overview

This detection covers specially crafted files attempting to exploit vulnerabilities in Microsoft Word documents to drop malware files. It does not install malware when MS Office is updated to the latest version.


Minimum DAT

5191 (2007-12-21)

Updated DAT

5945 (2010-04-08)

Minimum Engine

5.4.00

File Length

Varies

Description Added

2006-12-27

Description Modified

2010-04-08

Characteristics

This is a detection for an exploit within a Word document file. The document itself attempts to spread negative propaganda, such as:

"China should break up India: Chinese strategist Published: August 11, 2009 China in its own interest should join forces with different nationalities like the Assamese, Tamils, and Kashmiris and support the latter in establishing independent nation-States of their own, out of India. An article ....."

The document contains code that is executed when the exploit is successful. As a result of the exploit, an executable is dropped on the system. This executable is detected as Generic Dropper.pn, which itself drops a file called updates.js (detected as JS/Redirector.s).

Symptoms

Existence of the mentioned file.

Method of Infection

When the file is opened, malicious code is executed automatically using vulnerabilities in Microsoft Word. The code is not executed when MS Office is updated to the latest version.

 
