Top 5 Stories


Weaponized MS Word files targeting Macs

29 March 2012

Weaponized Word files targeting Macs have been identified by AlienVault Labs, which says the malware is coming from the same Chinese group that has been targeting the Tibetan government and nongovernmental organizations.

The Word files seem to exploit an existing vulnerability and target Microsoft Office for Mac. “This is one of the few times that we have seen a malicious Office file used to deliver malware on Mac OS X”, AlienVault Labs noted in a blog.

“A remote code execution vulnerability exists in the way that Microsoft Office Word handles a specially crafted Word file that includes a malformed record. An attacker who successfully exploits this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights”, the blog explained.

The command and control domain for the malware is located in Beijing province on China Unicom’s network, according to the blog.

AlienVault Labs had earlier found that the same group was behind recent spear phishing attacks on the Central Tibetan Administration and other Tibetan groups, as well as the Nitro attacks targeting chemical and defense firms last year.

This article is featured in:
Application Security  •  Identity and Access Management  •  Internet and Network Security  •  IT Forensics  •  Malware and Hardware Security


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×