Just an FYI, a new zero day vulnerability on MS WORD 2000 is currently being exploited by a trojan dropper. Upon opening this trojan on MS WORD, it drops a worm which propagates via network shares and has rootkit capability.

Fortunately the trojan dropper needs to be opened first on MS WORD in order to exploit the unknown vulnerability. With this in mind, Standard Operating Procedures in security and alertness still apply. Don’t open e-mail attachments if your not expecting any, even if it comes from someone you know.

Trend Micro customers need not to worry though, since these malware have already been detected by Trend Micro since September 1.

For more information, Juha-Matti of securiteam created an FAQ for this malware.

The trojan dropper is detected as TROJ_MDROPPER.BR while its dropped file is detected as WORM_MOFEI.AK.