Chinese Hackers Make Available Microsoft Exploit Building Tool

Exploiting vulnerabilities across Microsoft products has never been easier!

By Marius Oiaga, Technology News Editor

5th of April 2007, 09:38 GMT

Not a hacker? No problem! Not even technically skilled? Again, no problem. "2007 Doc Binder" will do all the work for you! Exploiting vulnerabilities across Microsoft products has never been easier! According to Symantec, the number of samples for Trojan.Mdropper.X is through the roof. A malware family usually numbers something in the vicinity of five different samples; Trojan.Mdropper.X has in excess of 30. All the samples of Trojan.Mdropper.X are designed to target a Word Malformed Data Structures Vulnerability (CVE-2006-6456) that has been patched by Microsoft as of February 13, 2007.

At the basis of the Trojan.Mdropper.X expansion is none other than the "2007 Doc Binder," a Chinese toolkit that enables users to build Microsoft Word samples that exploit the CVE-2006-6456 flaw.

"The attacker has only to bind an executable such as Backdoor or an Infostealer trojan, and the tool will do the rest. It will create a malicious MS Word file that can drop and run the chosen .exe file. No need to analyze buffer overflows, find return addresses, or program complicated shellcode. Zero knowledge, maximum result, and minimal effort. Using this tool, an attacker could potentially generate several variants of malicious documents in a few minutes and spam them out immediately," revealed Elia Florio, Symantec Security Response Engineer.

Symantec has issued an additional warning: while these exploits are indeed generated automatically, some recent samples in the wild had been manually patched and altered in order to avoid detection by security software. From this, Symantec has concluded that an evolved version of the "2007 Doc Binder" tool has become available.

"We observed that the samples generated by this tool have the shellcode located usually around offset 0x16730. The shellcode starts with the magic value of "C!29" (0x43213239), which is a kind of static marker used by the exploit. The executable is encrypted with a trivial XOR and is appended at the end of the .doc file. The generic detection for the Trojan.Mdropper.X family is currently detecting all the files generated by this tool," Florio added.
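The indicators Florio describes (the "C!29" marker near offset 0x16730 and an XOR-encoded executable appended to the document) can be combined into a triage check. The Python below is an added example, not Symantec's detection or code from the article; the search window around the offset, the single-byte XOR key, and the DOS-stub string used to recognise the decoded executable are assumptions, and the sample bytes are constructed.

```python
MARKER = b"C!29"            # 0x43213239, the static marker quoted in the article
EXPECTED_OFFSET = 0x16730   # "usually around" this offset, per the article
WINDOW = 0x1000             # assumption: tolerance for "around"
DOS_STUB = b"This program cannot be run in DOS mode"  # assumption: PE recogniser


def find_marker(data):
    """Return (offset, near_expected) for every occurrence of the marker."""
    hits, pos = [], data.find(MARKER)
    while pos != -1:
        hits.append((pos, abs(pos - EXPECTED_OFFSET) <= WINDOW))
        pos = data.find(MARKER, pos + 1)
    return hits


def find_xor_pe(data):
    """Try every single-byte XOR key (assumption: the 'trivial XOR' is
    single-byte) and return (key, offset) of an encoded PE header, or None."""
    for key in range(1, 256):               # key 0 would be an unencoded PE
        stub = bytes(b ^ key for b in DOS_STUB)
        s = data.find(stub)
        if s == -1:
            continue
        mz = bytes(b ^ key for b in b"MZ")
        m = data.rfind(mz, max(0, s - 0x100), s)  # "MZ" sits shortly before the stub
        if m != -1:
            return key, m
    return None


def triage(data):
    """Flag a file only when both indicators from the article are present."""
    markers, pe = find_marker(data), find_xor_pe(data)
    suspicious = pe is not None and any(near for _, near in markers)
    return {"markers": markers, "xor_pe": pe, "suspicious": suspicious}


def build_sample(key=0x37):
    """Constructed, inert test input: OLE magic, padding, marker, fake encoded header."""
    doc = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1".ljust(EXPECTED_OFFSET, b"\x00")
    doc += MARKER + b"\x00" * 0x200
    pe = b"MZ".ljust(0x4E, b"\x00") + DOS_STUB + b"\x00" * 16
    return doc + bytes(b ^ key for b in pe)


if __name__ == "__main__":
    print(triage(build_sample()))
```

Requiring both indicators keeps the check from firing on the four-byte marker alone, which can occur by chance in large benign files.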

© Copyright 2001-2008 Softpedia