Patch/Configuration Management, Vulnerability Management

Symantec warns of Word exploit activity

Symantec is warning PC users about activity surrounding a zero-day exploit recently discovered in Microsoft Word 2003.

The multi-faceted malware contains a number of files for Microsoft Office programs, such as PowerPoint slides and Excel charts, along with malware called Backdoor.Ginwui

Symantec Security Response also identified a malicious Word document called Trojan.Mdropper.H.

The exploits caused Symantec to raise their ThreatCon level to Level 2 (Level 4 is the most dangerous).

Vincent Weafer, senior director of Symantec Security Response, said Friday that the exploits are an example of new malware targeting trends.

"This threat originated in Asia but is not spreading widely because it seems to be targeted at specific large organizations," he said. "Symantec has seen similar types of targeted attacks in the past which leveraged exploits in office applications, such as Word. This event illustrates the trend toward zero-day targeted attacks."

The Cupertino, Calif., company recommended that PC users avoid unknown or unexpected email attachments and keep security programs up to date.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.