
    Archive for December 12th, 2006




    Microsoft is currently investigating another 0-day exploit; last week we reported on a previous MS Word 0-day. Yesterday, a couple of reports emerged about a new 0-day, and according to the MSRC blog, Microsoft is investigating this new claim. We are still acquiring a sample for the appropriate solution and for our analysis, and we will update you as soon as we get one. =)


    According to the MSRC blog, in their initial investigation, the 0-day affects the following versions:



    • Word 2000
    • Word 2002
    • Word 2003
    • Word Viewer 2003

    However, Word 2007 is not affected.


    Update (Roberto Tayag, Tue, 12 Dec 2006 01:55:22 PM)


    Yes, we have acquired a sample, and Trend Micro will be detecting this file as TROJ_MDROPPER.EB. The pattern for this malware has already been submitted and is now under the scrutiny of our QA team. Updates will come as soon as the pattern file has been released.




    Update (Roberto Tayag, Wed, 13 Dec 2006 07:16:52 AM)


    The pattern that will detect this malware has been released and you can check more information regarding this here.


     



    With the number of bot malware discovered and analyzed by the security industry over the years, it is easy to claim that we have seen it all. Enter PHP_PBOT.A, a PHP script-bot sporting a routine heretofore only practiced by Trojan-downloaders: Web server upload.

    As a bot, its backdoor capabilities and possible vulnerability exploits warrant a been-there-done-that. The fact, however, that it can be uploaded to target Web servers adds the oomph to its otherwise blah routine. Thus, via affected Web servers, users who access the Web page that contains this malicious script get their systems affected pronto.

    This is a new twist to how bots create a zombie network. Most bots propagate via network shares. True, it’s easy to infect a whole network, but at least one machine in that network should get infected first and spark the propagation. The biggest challenge for a bot is therefore to affect that first system.

    With the use of Web servers, PHP_PBOT.A brings bot propagation from local networks to the biggest network of all — the Web. Whether that is a leap forward for bots or actually a step backward, we have yet to know.

    Are script-bots on Web servers the next big bot trend? Are they the next step in the evolution of a more powerful zombie?

     


     

    © Copyright 2011 Trend Micro Inc. All rights reserved. Legal Notice