I was thinking that today had been a relatively quiet day. Well, that’s not the case afterall. The folks at F-Secure have a working exploit for Microsoft Word that drops in a binary file and downloads a backdoor. The shellcode and the exploit are encoded so as to avoid detection. We have seen this type of behaviour before with the Cryzip trojan. Malware writers are finding they have good penetration with this type of tactic as gateway antivirus products cannot decrypt on the fly. As it is antivirus products are not picking up this exploit at print time. The folks at SANS Internet Storm Center are following this developing story.
UPDATE: Secunia now has an advisory posted. Symantec warning article as well.
UPDATE 2: Microsoft has finally released an advisory (919637)
[tags]0-Day, Expolit, Malware, Trojan, Microsoft Word[/tags]