Vulnerabilities in Microsoft Office increasingly exploited for industrial espionage
According to the report "Targeted Attacks March 2007" by service provider MessageLabs, the number of targeted attacks through manipulated Excel, Word and PowerPoint files in email attachments, that exploit Office vulnerabilities, is on the rise. If recipients open such documents, their PCs can be infected with malware used to spy out data on the system or even the network. Such attacks are targeted at employees in trade and industry, in particular in the electronics industry. According to reports in the US media, even government agencies, the defence industry and nuclear plant manufacturers are spied out. MessageLabs names Taiwan and China as the sources of such attacks.
While early in 2006, only two such attacks were registered per week, 716 such mails were detected alone in March 2007, coming from 249 sources and addressed to 216 different companies. In most cases, these mails contained manipulated PowerPoint files. Only rarely, anti-virus programs detected the malware hidden in these attachments. Microsoft also takes a very long time to provide patches to fix the respective holes, once they have been detected. During the last year, East Asian agencies of the US State Department were victims of such attacks, which infected several PCs. Although the problem was under control at the beginning of July 2006, a patch by Microsoft to close the respective hole was not provided before mid-August.
Office vulnerabilities known since February have not yet been patched. Microsoft advises users to be very careful when opening Office documents, but does not provide concrete instructions on how to proceed; one can hardly be expected to make careful double-clicks.
It seems that anybody working in a company of interest for industrial espionage may become the target of such attacks. It is not always the most important person who is attacked; any PC can be used to install a trojan horse, which can spy out the network and the servers.
- Targeted Attacks March 2007, report by MessageLabs
- New zero-day exploits not only for Microsoft Office, heise Security news