Experts at Trend Micro’s TrendLabs have confirmed that there are malicious emails being sent ostensibly an invitation to the Olympics. Once the mail is opened, malware affects MS Word, MS PowerPoint and MS Excel applications on the computer, which could allow remote attackers to take complete control of an affected system, or cause the application to crash.
Reports have surfaced about a zero-day MS Word vulnerability affecting Microsoft Word 2000, 2002, and 2003. It is said to affect even patched versions of the popular word-processing application on certain MS Office versions.
TrendLabs have also observed that these malicious files use the popular Olympics to get more users to click on them. The samples that TrendLabs has come across are detected as TROJ_MDROPPER.ZT. These files are zero-day exploits under vulnerability summary CVE-2008-2244 under the Common Vulnerabilities & Exposures (CVE) List of the National Cyber Security Division of the US Department of Homeland Security.
Among others, any email that has an attachment file named attachment .doc, appeal_letter_of_fttj.doc,attend_the_opening_ceremony_of_the_29th_olympic_games_in_beijing.doc, five_resolutions.doc, or lingotto_con_fiat.doc, be warned that opening it may make the computer vulnerable to attack.