Clemson Computing & Information Technology
Threat Information
Recovery Information for Campus Threats

Client Support
CCIT

This page contains detailed recovery information on current campus threats for TSPs and consultants.

FakeAlert-D Trojan

McAfee DATs - 8/4/2006

Zero Day Exploits for Microsoft Word

An exploit has been created to take advantage of the recently announced vulnerability in MS Word. Successful exploitation of this flaw could give the attacker the rights of the currently logged-in user. So far these attacks have been targeted at specific organizations, but the exploits could easily be incorporated into a worm and released into the wild. Here are some characteristics of the currently known exploits, as reported by eEye:

Early forensic investigations show the attacks originating from within China.

To date, there have been two variants found in the wild, termed most popularly, GinWui.A and GinWui.B.

Two email subject lines have been reported:
"Notice"
"RE Plan for final agreement"

Two email doc attachments have been reported:
"NO.060517.doc.doc"
"PLANNINGREPORT5-16-2006.doc"

Previous versions of this exploit have been reported to be successful on Chinese versions of Microsoft Word. This new variant has been confirmed to work on Microsoft Word 2000, Word 2002, and Word 2003 English versions. On Microsoft Word XP, the exploit crashes the machine; however, it is trivial to modify the exploit to allow for remote code execution, and we expect this to be a possibility in any future variants.

You can view the Microsoft Advisory here...
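
The subject lines and attachment names reported above can be used to triage stored mail. The following is an added example, not code from CCIT or eEye; the function names, the verdict labels and the sample addresses are assumptions made for illustration. Because a subject such as "Notice" is common in legitimate mail, a subject-only hit is marked for review rather than treated as a match.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators exactly as listed in the report above, lower-cased for comparison.
SUBJECTS = {"notice", "re plan for final agreement"}
ATTACHMENTS = {"no.060517.doc.doc", "planningreport5-16-2006.doc"}


def normalize_subject(value):
    # Assumption: the report may have dropped the colon after "RE",
    # so colons are ignored and whitespace is collapsed before comparing.
    return " ".join(str(value or "").replace(":", " ").split()).lower()


def triage(raw_message):
    """Classify one raw RFC 822 message as 'match', 'review' or 'clean'."""
    # policy.default decodes RFC 2047 encoded headers and filenames.
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    subject = normalize_subject(msg["Subject"])
    names = [(p.get_filename() or "").strip().lower()
             for p in msg.iter_attachments()]
    bad_names = [n for n in names if n in ATTACHMENTS]
    if bad_names:
        return ("match", bad_names)    # reported attachment name present
    if subject in SUBJECTS:
        return ("review", [subject])   # subject alone is a weak signal
    return ("clean", [])


def build_sample(subject, filename):
    """Build a constructed test message; the attachment bytes are a placeholder."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("See attached.")
    m.add_attachment(b"constructed placeholder", maintype="application",
                     subtype="msword", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for subj, name in [("RE: Plan for final agreement", "PLANNINGREPORT5-16-2006.doc"),
                       ("Notice", "agenda.doc"), ("Lunch", "menu.doc")]:
        print(subj, "->", triage(build_sample(subj, name)))
```
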

New Mac OS X Virus

There have been reports of new virus activity on the Mac OS X platform. As of this posting, a zero-day exploit has been released that affects the Safari browser. The exploit uses a malicious website to execute shell scripts.

From SANS: "The problem is due to a feature that is activated by default: Open Safe Files after downloading. A zip file is considered safe and so they will be opened automatically. Subsequently, a shell script with no #! at the beginning of the script will be executed automatically. No user interaction!" More info at http://isc.sans.org/diary.php?storyid=1138&rss

There are also two other viruses that are currently being detected through McAfee Virex Virus protection. Information can be found at McAfee's write up on OSX/Inqtana and McAfee's write up on OSX/Leap.
