Microsoft .doc exploit

Stephen Swaney steve.swaney at fsl.com
Fri May 19 19:03:03 IST 2006


> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
> bounces at lists.mailscanner.info] On Behalf Of Kevin Miller
> Sent: Friday, May 19, 2006 1:47 PM
> To: MailScanner discussion
> Subject: Microsoft .doc exploit
> 
> May be premature to block .doc files, but SANS reports on a zero day
> rootkit carried in a word doc.
> http://www.incidents.org/diary.php?storyid=1345  It's in the wild but
> was a targeted attack.
> 
> Apparently no AV signatures yet.  One to watch.
> 
> Boy it's good to have a system that can block such things with a couple
> lines and 30 seconds of time!  In the past couple of weeks I've had two
> different venders try to sell me their proprietary systems.  They're
> wasting their time.  MailScanner rocks!
> 
> 
> ...Kevin

Here's the InfoWorld article:

http://www.infoworld.com/article/06/05/19/78499_HNword0day_1.html?source=NLC
-TB2006-05-19 

Looks like some of the anti-virus engines are starting to get caught up.

Steve

Stephen Swaney
Fort Systems Ltd.
stephen.swaney at fsl.com
www.fsl.com



More information about the MailScanner mailing list