1Table.A – trojan that uses a Microsoft Word vulnerability

PandaLabs has detected the appearance of 1Table.A, a malicious code that exploits a recently detected critical vulnerability in Microsoft Word, and which also affects versions of MS Office 2003 and XP. This security problem allows the execution of code on affected systems and, more dangerously, allows the construction of malicious code which is indistinguishable at first glance from a normal Word file.

1Table.A appears to be a perfectly normal Word document. It cannot send itself automatically, and therefore needs the intervention of a malicious user in order to be distributed. This still however gives it plenty of scope, as it can be sent as attachments to e-mail messages or downloaded from web pages or P2P file-sharing networks, among many other systems.

If a user runs 1Table.A, it exploits this security problem to release a backdoor Trojan called Gusi. This creates a backdoor on the computer that allows a remote attacker to take a series of actions. TruPreventTM proactive detection technologies have detected Gusi without prior identification, so computers that have them installed have been protected from the outset.

According to Luis Corrons, director of PandaLabs: “this is a very serious security problem, as it allows malicious Word documents to be created which could take a host of actions on computers. Cyber-crooks have seen the enormous potential of this vulnerability, and it has only taken a few hours until we have seen the first malicious code that exploits it, and no doubt there will be more shortly.”

It is important to remember that any MS Office, such as Excel spreadsheets or PowerPoint presentations, could have malicious Word documents embedded, thereby making them potentially dangerous attack vectors.

Given that no patch has yet been released by Microsoft for this vulnerability, users are advised to act with caution on opening Word or MS Office documents, and ensure they have a fully up-to-date antivirus installed on their computers.