US military contractor targeted by doc-based malware

Businesses and organizations were advised over the weekend to make sure their computer security patches are updated, after a security vendor discovered a new malware attack targeting a defense contractor.

 

Sophos said the new attack uses a poisoned DOC file that exploits a vulnerability in Microsoft Office to infect machines running the Windows operating system.

 

"The latest attack was sent to the contractor - whose name (we are not making public) - embedded inside a file called Details.Doc, attached to the (email)," it said in a blog post.

 

It said the email pretends to be from a yahoo.com.tw address but the headers show the emails did not come from Yahoo.

 

On the other hand, it said the attachment "Details.doc" exploits the CVE-2012-0158 vulnerability and tries to install the "PittyTiger" backdoor malware.

 

Sophos added Microsoft has already issued a patch for the exploit as early as three months ago.

 

"And there are really no excuses for not having applied it," it said. — TJD, GMA News