Symantec Security Response has detected activity surrounding a zero-day exploit discovered in Microsoft Word 2003.

The malicious files contain a number of objects (such as PowerPoint slides and Excel charts) along with Backdoor.Ginwui, a piece of malicious code which opens a back door on the users computer. This back door allows a remote attacker to gather system information and execute code on the attacked machine. Symantec has also identified these malicious Word documents as Trojan.Mdropper.H. Symantec has rated both Backdoor.Ginwui and Trojan.Mdropper.H as Category 1 threats on a scale of 1 to 5 with 5 being the most severe.

Symantec Security Response raised the ThreatCon level to a Level 2 (Level 4 being the highest alert level) as a result of the active exploitation of this zero-day vulnerability. The Symantec ThreatCon provides an overall weather forecast of the state of the Internet.

Symantec recommends that users:

• avoid opening unknown or unexpected e-mail attachments
  
• keep Internet security software up-to-date
  
• use strong passwords on any shared Windows files
  
• back up user data to offline storage media

Related links: (Open in a new window.)
securityresponse.symantec.com/

View printable version (opens in new window)
Back