What is a 'Zero Day' virus threat?
Zero Day?
There's a newly discovered vulnerability in Microsoft Word. It's basically a virus. The worst part of this latest virus? Its discovery resulted directly from the fact that it was already being exploited. It is known as a 'zero-day' threat, and this article is an attempt to explain what that means, if you want to know.
Details
For those who aren't familiar with the term, a zero-day exploit is one that results in actual attacks before researchers discover it and add it to antivirus signature databases. That means that CURRENT antivirus software offers little or no protection against a zero-day exploit—making it extremely dangerous.
So far, however, it hasn't resulted in widespread attacks, but the web is buzzing with concerns. According to News.com, the initial attack targeted a Japanese government office.
What does this virus do?
By design, the attack appears as if it's an internal memo, and antivirus software doesn't catch it.
According to Symantec, the attack can bypass spam filters.
For those comfortable with the technical side of Windows, the company has listed the details of a registry edit that can reportedly remove the Trojan Backdoor.Ginwui. See the Symantec report for details, because this may change with new developments.
So what does it look like - this zero-day threat?
The 'payload' of the Word attachment appears to be a Trojan, but few details are available at this time.
Opening the e-mail attachment displays a message, but it also opens a backdoor in the background, which then pings an IP address in Asia.
Opening the attachment in Word 2003 installs the Trojan. But in Word 2000, the attachment causes the program to crash instead, and it doesn't run the payload.
So far, this is a very targeted attack. However, as attackers learn how to exploit the new vulnerability, expect to see more widespread use of the threat—at least until Microsoft's next Patch Tuesday, scheduled for June 13th. Today is May 25th! Oh dear... two weeks of possible infection.
What can I do until the 'zero-day' is reached?
Other than opening all e-mails in Word 2000 to see which ones crash the system, all you can do to protect users is to warn them to be especially vigilant about opening unexpected Word attachments to e-mails. Of course, I stand by my longtime warning to never use .doc file formats and stick with the .rtf format as the default for your company. While there isn't enough information available about this new exploit to be certain this format would block the attack, it's highly likely because the .rtf format generally blocks malicious Word macros.
Final word
Once again, expert sites strongly urge every business to ignore the Microsoft .doc default format in Word and instead change it to the .rtf format. Taking this simple step will eliminate virtually all Word macro threats, and most functionality will remain. The qualifier "virtually all" is there because no one can be certain that there is no possible way to exploit the .rtf format.
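The policy above (accept .rtf, refuse .doc, and stay wary of unexpected Word attachments) is easy to undermine if a mail gateway only looks at file extensions, because Word decides how to open a file from its content, not its name. The following is an added example, not code from the original article or from Symantec, showing how a gateway check could classify an attachment by its leading bytes instead. The sample attachments are constructed inline, and the verdict names ('allow', 'review', 'quarantine') are this example's own choice. It also flags RTF files that embed OLE objects, which is the kind of residual risk behind the article's "virtually all" caveat.

```python
"""Attachment check enforcing a 'send .rtf, not .doc' mail policy.

Added example, not code from the original article. The check reads the
file's leading bytes (its 'magic') rather than trusting the extension, so
a binary .doc renamed to .rtf is still recognised as a binary Word file.
Sample attachments at the bottom are constructed; verdict names are assumed.
"""
from dataclasses import dataclass

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # Compound File Binary: legacy .doc/.xls/.ppt
RTF_MAGIC = b"{\\rtf"                              # every RTF file starts with this group
ZIP_MAGIC = b"PK\x03\x04"                          # Office Open XML (.docx) is a zip container


def detect_format(data: bytes) -> str:
    """Name the container format from the first bytes; 'unknown' if none match."""
    if data.startswith(OLE2_MAGIC):
        return "ole2"
    if data.startswith(RTF_MAGIC):
        return "rtf"
    if data.startswith(ZIP_MAGIC):
        return "zip"
    return "unknown"


def extension_format(filename: str) -> str:
    """What the file name claims to be, mapped to the same format names."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return {"doc": "ole2", "dot": "ole2", "rtf": "rtf", "docx": "zip"}.get(ext, "unknown")


@dataclass
class Verdict:
    filename: str
    claimed: str   # format implied by the extension
    actual: str    # format implied by the content
    action: str    # 'allow', 'review' or 'quarantine'
    reason: str


def check_attachment(filename: str, data: bytes) -> Verdict:
    claimed = extension_format(filename)
    actual = detect_format(data)

    if actual == "ole2":
        # The binary Word format the policy refuses. The extension is irrelevant:
        # Word opens an OLE2 file as a binary document whatever it is called.
        why = "binary Word (OLE2) document"
        if claimed != "ole2":
            why += f" disguised with a .{filename.rsplit('.', 1)[-1]} name"
        return Verdict(filename, claimed, actual, "quarantine", why)

    if actual == "rtf":
        # RTF can still carry embedded OLE objects in \object / \objdata groups,
        # so plain RTF is allowed but object-bearing RTF is held for review.
        if b"\\objdata" in data or b"\\object" in data:
            return Verdict(filename, claimed, actual, "review", "RTF embeds an OLE object")
        if claimed != "rtf":
            return Verdict(filename, claimed, actual, "review", "RTF content under a non-.rtf name")
        return Verdict(filename, claimed, actual, "allow", "plain RTF, name and content agree")

    return Verdict(filename, claimed, actual, "quarantine", f"format '{actual}' not allowed by policy")


# Constructed sample attachments (not real malware): headers plus filler bytes.
SAMPLES = {
    "memo.rtf": b"{\\rtf1\\ansi Internal memo: budget review on Friday.}",
    "memo.doc": OLE2_MAGIC + b"\x00" * 24,
    "memo_renamed.rtf": OLE2_MAGIC + b"\x00" * 24,   # binary .doc given an .rtf name
    "embed.rtf": b"{\\rtf1{\\object\\objemb{\\*\\objdata 00}}}",
}


def classify_samples() -> dict:
    """Map each sample file name to its policy action."""
    return {name: check_attachment(name, data).action for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        v = check_attachment(name, data)
        print(f"{name:18} claimed={v.claimed:7} actual={v.actual:7} -> {v.action}: {v.reason}")
```

Running the script prints one line per sample: the plain RTF memo is allowed, both OLE2 files are quarantined (the renamed one with a note that its name lies), and the RTF with an embedded object is held for review. A real gateway would apply this to each MIME part and log the verdict rather than print it, but the content-over-extension decision is the part that matters.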