Watch the Exploit - A Targeted Attack Video

We've been getting a lot of requests from people asking what it looks like when your computer is compromised by one of these very limited targeted attacks that involves any of the recent MS Word zero-day vulnerabilities. A targeted attack begins with an incoming email that has a .DOC file attached; a very common event that happens to almost everyone every day. The email sender looks legitimate (it's spoofed of course!) and the document name is selected to appeal to the recipient.

For example, if the targeted user is an accountant, then the document would look like a tax certificate or an invoice. For members of governments, it could appear to be an important communication from a Minister. For finance brokers, a stocks analysis and so on...

Targeted attacks are not intended for the masses, so we're never going to see the usual "Very exciting greeting postcard.exe" attached to those emails. But the big question is: what happens when someone opens the malicious MS Word file? Usually, users don't see much happen and that is the point of these targeted attacks! Nevertheless, here is an interesting video of a machine being compromised by the latest unpatched zero-day vulnerability related to MS Word 2000 (CVE-2007-0515) and exploited by Trojan.Mdropper.W.