Symantec researchers have discovered a special crafted Word document which deploys malware on the infected Macintosh computers. Yes, the file was forged using the Macintosh version of Word and it's designed to exploit a recent Word security hole fixed by Microsoft on Tuesday.
"After some investigation we determined that the document had actually been created using Word for Macintosh," Symantec noted on their Security Response blog. A peek at the document header revealed someone had created it on a Mac, instead of a PC.
If successful, this attack would drop a trio of malicious files onto a machine. A couple of Trojans and a rootkit arriving via the Word attack vector could turn a PC into another rooted bot on the Internet.
It seems that the trend for exploiting vulnerabilities around the same time as Patch Tuesday continues. Microsoft themselves confirm in their advisory that they have seen this issue exploited in the wild. However, in our experience the exploitation of such vulnerabilities tends to be very targeted in nature.
The good news is that the default configuration in Microsoft Office 2007 and Office 2003, Service Pack 3 will not allow you to open some older Office file formats, including Office for Macintosh documents (see MS KB922850 for further details). We're continuing to investigate the behavior of the exploit on other Office versions said Symantec.
Symantec Antivirus products will detect the malicious document as Trojan.Mdropper.Z. The dropped files are detected as Trojan.Dropper, Backdoor.Trojan and Hacktool.Rootkit.
