Follow The Safe Mac on Twitter to stay advised of the latest Mac security news!
Microsoft Office vulnerability used to spread malware
Posted on March 28th, 2012 at 8:58 AM EDT
AlienVault Labs has announced discovery of malware “in the wild” that is taking advantage of a Microsoft Office vulnerability to install itself. It would appear that MS Office for Mac 2004 and 2008 are both vulnerable if the relevant security patch has not been installed. On vulnerable systems, malicious MS Office documents have been seen that install two different trojans, the Tibet.A trojan announced last week and a second never-before-seen trojan apparently called MacControl.
Some may make the claim that this malware is a non-issue, because the patch for the vulnerability it relies on was released by Microsoft on June 9, 2009 – nearly three years ago. However, many people never install updates. As Sophos pointed out in February, malware authors often target patched vulnerabilities, knowing that people will be running outdated systems for ridiculously long periods of time. Since many Mac users upgrading to Lion were caught flat-footed by the discovery that MS Office 2004 – an 8-year-old product – will not run in Lion gives ample evidence to support the idea that there are many people using outdated versions of MS Office.
Users should be advised to install any available updates for MS Office as soon as possible, or start using an alternative to MS Office (such as OpenOffice, NeoOffice, LibreOffice or Apple’s Pages).
Tags: Mac OS X, MacControl, malware, Microsoft Office, Tibet, trojan
One Comment
This post is more than 90 days old and has been locked. No further comments are allowed.
ESET’s analysis http://blog.eset.com/2012/03/28/osxlamadai-a-the-mac-payload is facinating. They installed the Trojan and were involved in an interacitve session with what appeared to be a live operator looking for the users keychains and cookies and then commanding uploads of them. Clearly involved in identity stealing.