14 DAY TRIAL // Have you ever wondered what is the succession of events behind a limited and targeted attack exploiting a zero-day vulnerability across Microsoft's products? Well, now you have a chance to watch first hand a successful exploit that compromises the system through the Microsoft Word 2000 zero-day flaw.
At the basis of this targeted attack - and with few exceptions this is the general rule - is social engineering. Most often, the email's source is a spoofed genuine address delivering the necessary leverage for the victim to open the email and download/execute the .DOC file attachment.
"Targeted attacks are not intended for the masses, so we're never going to see the usual "Very exciting greeting postcard.exe" attached to those emails. But the big question is: what happens when someone opens the malicious MS Word file? Usually, users don't see much happen and that is the point of these targeted attacks," revealed Elia Florio, Symantec Security Response Engineer.
The example Symantec used to illustrate the targeted attack scenario was the still unpatched zero-day vulnerability related to Word 2000 and exploited by Trojan.Mdropper.W. In this video you will be able to see how the shellcode deploys an executable before opening a legitimate document.
"The only thing that "smart" users can notice is a kind of "flickering" of MS Word. This is because the malicious code has to terminate and then re-execute the MS Word application with the new clean .DOC," added Florio.