US military contractor targeted by doc-based malware
Businesses and organizations were advised over the weekend to make sure their computer security patches are updated, after a security vendor discovered a new malware attack targeting a defense contractor.
Sophos said the new attack uses a poisoned DOC file that exploits a vulnerability in Microsoft Office to infect machines running the Windows operating system.
"The latest attack was sent to the contractor - whose name (we are not making public) - embedded inside a file called Details.Doc, attached to the (email)," it said in a blog post.
It said the email pretends to be from a yahoo.com.tw address but the headers show the emails did not come from Yahoo.
On the other hand, it said the attachment "Details.doc" exploits the CVE-2012-0158 vulnerability and tries to install the "PittyTiger" backdoor malware.
Sophos added Microsoft has already issued a patch for the exploit as early as three months ago.
"And there are really no excuses for not having applied it," it said. — TJD, GMA News
Talk of the web