Microsoft advises users to switch Word to 'safe mode'
The move would help guard against a Trojan program that surfaced recently
ITWorldCanada - Microsoft Corp. is advising Word users to run the application in "safe mode" to help guard against a Trojan program that surfaced recently, although security experts today said there still appears little cause for alarm.
"The good news is that it doesn't seem to be very widespread," said Graham Cluley, a senior technology consultant with U.K. antivirus company Sophos PLC. "There have been very, very few reports."
Researchers at F-Secure Corp. and Trend Micro Corp. also said the number of reported incidents remained low. Trend Micro rates the Trojan as "low risk" because, while the potential for damage is high, the impact so far has been small, said David Sancho, a senior antivirus engineer.
The Trojan surfaced last Thursday and arrives buried in a Word file attached to an e-mail message (see "E-mail attacks target unpatched Word hole" ). It secretly installs software on a user's PC that could be used to execute remote commands, download other malware or monitor keystrokes and gather passwords, among other mischief.
For the Trojan to do its work, however, users must first be tricked into opening the Word attachment. And the incidents reported so far suggest that hackers are still using the Trojan in a very targeted fashion rather than sending it in mass e-mail, said Erkki Mustonen, a security researcher at F-Secure.
The Finnish vendor received reports from a handful of European companies affected last week that were all in the same business area, Mustonen said. He declined to name the industry. The company received a few more reports this week but "it seems to be pretty calm," he said.
The number of hacker groups using the Trojan appears quite small at this point, Mustonen said. "It seems they have been written by expert people," he said.
He advised businesses to monitor any suspicious traffic coming from China in their firewall. The Trojan may not have originated there, but it appears at least to be talking to a host server in that country, he said.
Microsoft's Security Research Center is analyzing the vulnerability, which affects Microsoft Word XP and Word 2003. The company said it will release a patch with its next regular update, due June 13, or earlier if necessary.
In the meantime,Word's safe mode won't fix the vulnerability but will prevent the vulnerable code from being exploited, Microsoft said.
The first step is to disable the Outlook feature that uses Word for editing e-mails. The second involves creating a new desktop shortcut that adds "/safe" to the Word command line. Detailed instructions are available online.
"For the sake of security I'd recommend doing it,even though it's a bit difficult," Sancho of Trend Micro said.
In safe mode, Word ignores toolbar customizations, changes to preferences can't be saved and functions such as AutoCorrect and Smart tags are disabled.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Why You Need a Next-Generation Firewall This white paper explores the reasons for implementing next-generation (NG) firewalls and lays out a path to success for overburdened IT organizations.
- Infographic: Converged Infrastructure Benefits This Infographic quantifies the savings organizations are realizing from increased deployment speed, higher availability, and lower annual costs.
- CIOs Deliver Productivity Breakthroughs with Intelligent Digital Signage Retailers have long recognized the influence that digital signage provides over a shopper's point-of-purchase decision making process.
Enhance Your Virtualization Infrastructure With IBM and Vmware
Date: Wednesday, May 14, 2014, 1:00 PM EDT
Virtualization technology is now expanding beyond the server compute elements to encompass networking and storage...
Transforming Finance, Procurement and Supply Chain Effectiveness with Cross-Functional Analytics
Date: May 6th, 2014
Time: 1 PM EDT
Attend this Webcast to find out how Oracle's packaged analytic applications enable line-of-business managers to examine all...
All Malware and Vulnerabilities White Papers |