Trend Micro says it detected a targeted attack that sent malware-laden emails to representatives of 16 European countries and some Asian governments.
The bogus emails purported to come from China’s defense ministry and contained a malicious attachment that exploited a now-patched vulnerability in Microsoft Office versions 2003 to 2010, wrote Jonathan Leopando, a technical communications specialist with Trend Micro.
Microsoft patched the vulnerability in Office, CVE-2012-0158, more than a year ago although attackers are still frequently targeting it, including in the Safe and Taidoor campaigns, Leopando wrote.
If the email attachment is opened on an unpatched computer, a “backdoor” program is then installed that steals login credentials for websites and email credentials from Internet Explorer and Microsoft Outlook, Leopando wrote.
SOURCE: pcworld.com
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.