Monday, May 22, 2006

Temporary Fix for MS Word Trojan

According to the latest Microsoft security research, the latest trojans compromising MS Word, which are commonly know as, BackDoor-CKB!cfaae1e6, Ginwui or W97M_MDROPPER can be mitigated by limiting the software restriction policy because the attacks seen thus far require administrator privileges. Microsoft actually has a pretty good write up on how to set the software restriction policy and to their credit they do provide a free hotline (866.PCSAFETY) customers that need help with viruses. SANS also has a list of work around ideas but the good news is that this trojan does not seem to be spreading very quickly and all of the major anti-virus software vendors have updated their databases with signatures that detect it.

For more information on this trojan see my earlier post from 5/20/06:

MS Word Trojan Targets Corporate Users

technorati tags: , ,


At May 24, 2006 7:24 PM, Anonymous HJS III said...

Hi Andrew:

Can you contact me at
regarding your new venture?

Hugh J. Sloan III
General Partner
Sand Hill Partners LLC

At December 13, 2007 1:05 AM, Blogger Alex said...

In this situation advise next good tool - word fix, do something extracts any information that can be extracted from it. In case the document is seriously damaged, part of the data may be permanently lost, all recovered information is displayed on the screen for the user to be able to check it.


Post a Comment

Links to this post:

Create a Link

<< Home

Powered by Blogger