Select Page

Today, our friends at Trend Micro blogged about a new attack vector using Microsoft Word documents. We saw this as well last week, and have written a detection for the dropped trojan.

It’s not just a “lawsuit” that’s being spammed, we also picked up another form of this attack in our honeypots over the weekend:


When you open the Word document, you see a “PDF”, but it’s actually not. It’s a JPG, which links to an executable.


In Word 2007, it’s kind of like the Amish virus: The user has to really want to get infected.


Latest VirusTotal detection here.

Alex Eckelberry