Sharing Security Developments, and Best Practices for corporate and home users
Sophos has declared MEDIUM RISK (3 out of 5 rating) for this new spammed email attack, although other AV vendors currently rate it as low risk.
Kukudro-A - MS Word attack spammed in email
http://secunia.com/virus_information/30331/
http://www.sophos.com/security/analyses/wm97kukudroa.html
http://secunia.com/virus_information/30366/w97mkukudro/
http://www.sarc.com/avcenter/venc/data/w97m.kukudro.a.html
Example of spammed message
http://www.sophos.com/images/common/misc/kukudrdoc.gif
SUMMARY: W97M/Kukudro is a macro trojan that arrives as a Zip file attachment containing a Word document, which drops and executes a Downloader trojan on the victim's computer. Sophos has seen the Trojan horse spammed out in email messages with the following Subjects: "worth to see", "prices", "Hi", or "Hello". It uses a very old vulnerability in Microsoft Word (MS01-034) that lets the malicious code run automatically when the document containing it is simply viewed (impacting mostly unpatched Office 2000 users).
RECOMMENDATION: Stay up-to-date on AV protection and avoid all spam or untrusted URLs/attachments in your email.
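
EXAMPLE (added here, not from Sophos or the original post): a mail-gateway triage sketch for the delivery pattern in the summary, a Zip attachment holding a Word document under one of the listed Subjects. The function names and the sample message are assumptions made for illustration. Because "Hi" and "Hello" are common in legitimate mail, it quarantines only when both signals are present, and it does not inspect the document's macros.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subjects reported for this spam run in the advisory above (lower-cased).
KUKUDRO_SUBJECTS = {"worth to see", "prices", "hi", "hello"}
# OLE2 compound-file magic: the container format of Word 97-2003 .doc files.
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")


def zipped_word_docs(zip_bytes):
    """Names of ZIP members that carry the OLE2 magic or a .doc extension."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            for info in zf.infolist():
                with zf.open(info) as member:
                    head = member.read(len(OLE2_MAGIC))
                if head == OLE2_MAGIC or info.filename.lower().endswith(".doc"):
                    hits.append(info.filename)
    except (zipfile.BadZipFile, RuntimeError, NotImplementedError):
        pass  # not a ZIP, encrypted or unsupported archive: keep what was found
    return hits


def triage(raw_message):
    """Finding for one RFC 822 message (bytes); quarantine needs both signals."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    subject_match = (msg["Subject"] or "").strip().lower() in KUKUDRO_SUBJECTS
    # Every attachment is tried as a ZIP, so a misleading file name is no bypass.
    docs = [name for part in msg.iter_attachments()
            for name in zipped_word_docs(part.get_payload(decode=True) or b"")]
    return {"subject_match": subject_match, "zipped_docs": docs,
            "quarantine": subject_match and bool(docs)}


def build_sample(subject):
    """Constructed message: a ZIP whose only file is an OLE2 header plus padding."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("sample.doc", OLE2_MAGIC + b"\x00" * 504)
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("constructed body")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="sample.zip")
    return msg.as_bytes()
```

Calling triage(build_sample("worth to see")) returns a finding with quarantine set; the same attachment under an unlisted Subject is reported in zipped_docs but not quarantined.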