Malware infects Macs through Microsoft Office vulnerability

[InfoSec News <alerts () infosecnews org>]

http://www.computerworld.com/s/article/9225662/Malware_infects_Macs_through_Microsoft_Office_vulnerability

By Lucian Constantin
IDG News Service
March 29, 2012

Security researchers have encountered new email-based targeted attacks 
that exploit a vulnerability in Microsoft Office to install a remote 
access Trojan horse program on Mac OS systems.

The rogue emails appear to target Tibetan activist organizations and 
distribute booby-trapped Microsoft Word documents that exploit a known 
remote code execution vulnerability in Microsoft Office for Mac, 
according to malware experts from security firm AlienVault.

"This is one of the few times that we have seen a malicious Office file 
used to deliver Malware on Mac OS X," said AlienVault security 
researcher Jaime Blasco in a blog post on Tuesday.

Security researchers from Mac antivirus vendor Intego believe that the 
attacks might become more widespread. "This malware is fairly 
sophisticated, and it is worth pointing out that the code in these Word 
documents is not encrypted, so any malware writer who gets copies of 
them may be able to alter the code and distribute their own versions of 
these documents," they said in a blog post on Thursday.

[...]


______________________________________________________________________________
Certified Ethical Hacker and CISSP training with Expanding Security gives
the best training and support.  Get a free live class invite weekly.  Best
program, best price. www.ExpandingSecurity.com/PainPill