Tuesday, September 05, 2006 8:14 AM
cmosby
SANS - Internet Storm Center - Trojan.Mdropper.Q / Email Attachment Practices
Thanks to frequent reader Juha-Matti Laurio for sending us a note about
Trojan.Mdropper.Q and the previously undiscovered Microsoft Word 2000 vulnerability that comes with it. Trojan.Mdropper.Q activates when a file containing it is opened, and then installs a
backdoor on the machine. Fortunatly as with most Office vulnerabilities a user has to actually open the file before the trojan can be activated. Generally my advice to users is not to open files that they are not expecting even if they know the person that sent the file, but this one has made me curious, what do other system admins recommend to their users? Do you have a policy on email attachments? Is this policy automaticly enforced?
Update #1
It appears Symantec has updated their site to include the size of the Trojan: 79,265 bytes. Happy Antivirus updating!
Update #2Juha-Matti writes to tell us that Securiteam has posted an entry about this vulnerability on their blog. Check out their post
here. Mcafee is calling this one W32/MoFei.worm.dr, and has a writeup about the Trojan
here. It is still unknown as to what vulnerability this is exploiting.