According to the report "Targeted Attacks March 2007" by service provider MessageLabs, the number of targeted attacks through manipulated Excel, Word and PowerPoint files in email attachments, that exploit Office vulnerabilities, is on the rise. If recipients open such documents, their PCs can be infected with malware used to spy out data on the system or even the network.
While early in 2006, only two such attacks were registered per week, 716 such mails were detected alone in March 2007, coming from 249 sources and addressed to 216 different companies. In most cases, these mails contained manipulated PowerPoint files. Only rarely, anti-virus programs detected the malware hidden in these attachments. Microsoft also takes a very long time to provide patches to fix the respective holes, once they have been detected. During the last year, East Asian agencies of the US State Department were victims of such attacks, which infected several PCs. Although the problem was under control at the beginning of July 2006, a patch by Microsoft to close the respective hole was not provided before mid-August.
Office vulnerabilities known since February have not yet been patched.
Thursday, April 26, 2007
Posted by Peter Risdon at 9:50 pm