Hackers have exploited a new Microsoft Word vulnerability in a series of targeted email attacks, it was reported today.
According to security experts at MessageLabs this attack used a new zero-day vulnerability in Microsoft Word. It is reported that the emails originated from a Yahoo! email account, which the hacker accessed through a mobile device CDMA link to conceal their identity. Security professionals claim the emails contain information about the political situation in Iran and attempts to entice recipients into clicking on a malicious word attachment, which contains the malware that exploits the zero-day vulnerability.
Once the user has clicked on the attachment the vulnerability causes Microsoft Word to drop an executable file. This file then drops another word document and another executable file. The clean word document is opened and includes some text about the political climate in Iran. However, the dropped file is executed, which allows cyber criminals to gather information about the system it is executed on.
The attack only lasts a few seconds but consists of three copies of the same malware sent to specific users at large organisations where undetected copies could potentially compromise the security of the company. Experts claim the attack was designed to steal sensitive data through the recipient's computer.
Moreover, Microsoft continues to investigate another proof-of-concept zero day flaw for Word discovered last week. However, neither of the vulnerabilities are expected to be tackled in tomorrow's security update, Patch Tuesday.