Microsloth Rich Text Format security hole!
George at Orwellian.Org
Thu Jun 28 02:51:20 PDT 2001
http://www.kaspersky.com/news.asp?tnews=0&nview=1&id=199&page=0
#
# Thursday, June 14, 2001
#
# Malicious Code in RTF Files: Yet another Prediction Comes True
#
# A Trojan program penetrates computers when reading RTF files
#
# Kaspersky Lab, an international data-security software-development
# company, warns users about the discovery of the Trojan "Goga"
# that steals and sends out from infected computers user details
# for Internet access (i.e. login, password and other information).
# Kaspersky Lab has already received several reports of the Trojan
# being detected "in the wild."
#
# "Goga" has two distinguishing features: the first is that it
# utilizes files in RTF format as a means for spreading, confusing
# users inasmuch as they believe these files to be absolutely
# safe, often opening them without first administering an anti-virus
# check. The second is that the Trojan exploits a well-known breach
# in the Microsoft Word security system, allowing a malefactor
# to launch a malicious code, unbeknownst to a user, immediately
# following the opening of an infected document.
#
# Breach hyperlink:
#
# http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-028.asp
#
# Should a computer not be installed with the proper patch thwarting
# this breach, then when the infected RTF file is read, MS Word
# automatically downloads a template containing the malicious
# macro-program from a remote Web site without any warning
# whatsoever. This macro-program extracts an additional utility from
# the RTF file's binary section. This utility searches the infected
# computer and creates another TXT file containing user Internet
# access details. At this point, "Goga" starts up the script program
# that publishes the newly created TXT file in a Web-site guest
# book open to the general public. The virus writer is now able
# to periodically cull stolen information from this site.
#
# Kaspersky Lab warned users about falling prey to this RTF-file
# danger on May 29. We once again recommend that users install
# the MS Word patch defending against this Trojan and any other
# malicious programs exploiting this breach ASAP.
#
# Detection and removal procedures have already been added
# to the Kaspersky Anti-Virus database daily update.
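
Added example, not part of the original post or the Kaspersky text: a triage check for the two traits the advisory describes, an RTF file that points Word at a template on a remote site and also carries a binary section. It assumes the template link is stored in RTF's `{\*\template ...}` group; the function name, sample documents and host name are constructed for illustration.

```python
import re

# RTF destination group naming the attached template: {\*\template <path or URL>}
TEMPLATE_RE = re.compile(rb"\{\\\*\\template\s+([^{}]*)\}")
# Remote targets: URL schemes, or a UNC path (RTF writes each backslash as "\\")
REMOTE_RE = re.compile(rb"(?:https?|ftp)://|\\\\\\\\", re.I)
# Raw binary runs (\binN) and embedded object data (\objdata)
BINARY_RE = re.compile(rb"\\bin\d+|\\objdata\b")


def scan_rtf(data: bytes) -> dict:
    """Report template links and binary sections found in one RTF file."""
    remote, local = [], []
    for match in TEMPLATE_RE.finditer(data):
        target = match.group(1).strip()
        bucket = remote if REMOTE_RE.match(target) else local
        bucket.append(target.decode("latin-1"))
    return {
        "is_rtf": data.lstrip()[:5] == b"{\\rtf",
        "remote_templates": remote,   # fetched over the network on open
        "local_templates": local,     # ordinary on-disk template paths
        "embedded_binary": bool(BINARY_RE.search(data)),
        # A remote template is the trigger; flag it regardless of payload.
        "suspicious": bool(remote),
    }


# Constructed samples (not taken from any real file).
SAMPLE_SUSPICIOUS = (
    rb"{\rtf1\ansi{\*\template http://template-host.example/normal.dot}"
    rb"{\object\objemb{\*\objdata 4d5a9000}}\par Hello}"
)
SAMPLE_BENIGN = rb"{\rtf1\ansi{\*\template C:\\Templates\\letter.dot}\par Hello}"

if __name__ == "__main__":
    for name, doc in (("suspicious", SAMPLE_SUSPICIOUS), ("benign", SAMPLE_BENIGN)):
        print(name, scan_rtf(doc))
```

Run over a mail gateway's quarantine or a file share, a hit on `remote_templates` is the signal to hold the file until the Word patch status of the recipient is known.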