NEW YORK -- On the 7th of December, 2006, MessageLabs proactive heuristic anti-virus engine Skeptic detected and stopped a new targeted email attack which exploited a new, previously unknown, Microsoft Word vulnerability. This attack was different to previous attacks stopped by MessageLabs and did not fit with the techniques used by previously identified targeted attack senders.
MessageLabs recommends all email users outside the MessageLabs network do not open documents from untrusted sources and use extreme caution even when opening documents from trusted sources.
This attack used a new, previously unknown and unannounced, zero-day vulnerability in Microsoft Word. Although, the attack itself only lasted four seconds and consisted of three copies of the same malware sent to very specific people in high-profile organizations, undetected copies could compromise the security of the targeted organizations. The attack appears to be designed to access confidential information through the victims computer.
In this instance, the attack emails originated from a Yahoo email account which the attacker unusually accessed through webmail from a mobile device CDMA link to further hide his identity.
