Sunday, May 21, 2006

Be Careful Opening Word Documents

There is a new exploit in Microsoft Word that can harm your computer by opening Word Documents. It should go without saying, but do not open any Word documents from anyone you do not know. If you are not expecting one from someone you do know, it is a good idea to ask if they sent it. They may not have really sent it, but gotten infected themselves. The trojan sent it to everyone in their address book after it infected your friends computer.

Symantic, makers of Norton Antivirus, call this new threat Backdoor.Ginwui in their description of this trojan. F-Secure, NOD32, and other antivirus companies call it something similar, but Ginwui will be in the name.

From the Symantic details, the following files are created by this trojan.

  • Windows\Winguis.dll
  • Windows\drivers\IsPubDRV.sys
  • Windows\drivers\RVdPort.sys
  • Windows\drivers\DetPort.sys
This trojan will gather system information from your computer, take screenshots of your desktop, randomly restart your computer, connect to a remote web site to send your info to, and many other nasty actions.

Right now, this is considered a zero day exploit. That means until Microsoft fixes Windows, you can get infected even if you are up to date with patches. Having a good antivirus like Norton, F-Secure, or NOD32 can help protect your system for now.