Select Page

Today, our friends at Trend Micro blogged about a new attack vector using Microsoft Word documents. We saw this as well last week, and have written a detection for the dropped trojan.

It’s not just a “lawsuit” that’s being spammed, we also picked up another form of this attack in our honeypots over the weekend:

Wordvector182312388

When you open the Word document, you see a “PDF”, but it’s actually not. It’s a JPG, which links to an executable.

Document12381231231238

In Word 2007, it’s kind of like the Amish virus: The user has to really want to get infected.

Openpackage12388

Latest VirusTotal detection here.

Alex Eckelberry