Several .ppt and .xls files have been found circulating on the web that also carry Backdoor.Ginwui / Trojan.Mdropper.H, a small piece of code that opens a backdoor on the user's PC.
Cupertino, California-based Symantec considers Backdoor.Ginwui / Trojan.Mdropper.H to be entry-level security threats.
The backdoor presumably originated in Asia and targets enterprises rather than personal computers, as attacks on Japanese government IT systems have been reported. Symantec has operations in more than 40 countries, but it stated only that backdoors created by this particular Backdoor.Ginwui / Trojan.Mdropper.H threat are in Asia.
The MS Word 2003 backdoor is considered a 0-day threat, meaning that there is currently no patch, although one is expected to be released by Microsoft by June 13 at the latest.
Vincent Weafer, senior director of Symantec's Security Response:
"What we're seeing is a continuation of the targeted threat using zero-day vulnerabilities. We got it from a single large customer inside Japan. We have not seen anyone else get it."
"The backdoor (...) pings an IP address located in Asia. It just pings to say it is available, but then, of course, you have a backdoor on your system."
Symantec warned that although the threat is not widespread, an outbreak may occur as the exploit becomes common knowledge:
"However, with the disclosure of this previously unknown vulnerability, new attackers may begin to exploit it in a widespread manner."
Symantec's products (Norton AntiVirus, Norton Internet Security, Norton Personal Firewall, Norton SystemWorks, Norton AntiSpam) will probably soon integrate the threat into their generic block lists.