TrendLabs has received a sample of a malicious MS Data Access (.MDB) file that spreads via spammed email messages and exploits a vulnerability in Microsoft Access. Trend Micro detects the said MDB file as TROJ_ACDROPPER.K. It takes advantage of the Microsoft vulnerability to drop and execute another Trojan detected by Trend Micro as TROJ_AGENT.PXT. This attack appears to be regionally targeted as the spammed messages that carry TROJ_ACDROPPER.K have been reported to be disguised as email from a Japanese government agency. Note that this Trojan has also been reported to arrive as a PDF file. As of this writing, this Trojan’s MDB exploit affects fully patched English and Japanese OS that use Office 2000, XP, and 2003. It does not affect Office 2007. Trend Micro has already informed Microsoft regarding this particular vulnerability and has since received a hotfix from the company intended for Windows XP Service Pack 2. The exploit did not work anymore when the fix was tested using Office 2003. Sources for this entry:

• http://blog.trendmicro.co.jp/archives/1208
  
• Analysis and updates from Senior Analyst Edgardo Diaz, Jr.

If you're new here, you may want to subscribe to our RSS feed. Thanks for visiting!