NOW READ THIS
("Security Advisory")



Submitted by: Bill Hickey
NCVA List Master

NRT-0200 RTF File Vulnerability:


Hackers are actively targeting executives of global companies with a Trojan embedded in an RTF (Rich Text Format) document attached to a fake Internal Revenue Service (IRS) email. The malicious email, designed to appear as if it is coming from the IRS, has an attached file named "complaint.rtf," which contains a hostile embedded executable called "The original document was not fully loaded. Please double-click to reload msword.exe." If the recipients - executives of major global companies - open the email, the Trojan installs itself to steal sensitive information and upload data to three remote servers, according to Verisign Research. The installed Trojan, which goes by several names including Robofo, Talpalk, Maha, and Dumbnod, attempts to steal passwords from Internet Explorer, Firefox, Opera, ICQ, Yahoo Messenger, Paltalk, and other similar applications. It appears related to recent Better Business Bureau spoof attacks using similar code, techniques, and remote file servers. According to McAfee, most antivirus programs cannot detect the Trojan hidden in the RTF file because they are unable to parse the rich text file format.

AND...
Now you know why RTF is likewise not allowed on the reflector, along with HTML and attachments.

While this current example is targeting executives, it is only a matter of time before the technique is expanded to gather more personal information from individuals, not just corporate execs.

(www.sci-tech.today.com 31MAY07)
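
A mail filter can look inside an RTF attachment for the kind of embedded object the advisory describes instead of trusting the file extension. The following is an added example, not part of the original advisory or any vendor's product; the function names, the extension list and the inert sample document are assumptions constructed for illustration, and it covers the case where the object's hex data is not split across nested groups.

```python
import re

OBJDATA = re.compile(r"\\objdata(?![a-zA-Z])([^{}]*)")
OBJCLASS = re.compile(r"\\objclass\s+([^{}\\]+)")
CONTROL_WORD = re.compile(r"\\[a-zA-Z]+-?\d* ?")
# Assumed policy list: file types that should never arrive packaged in a document.
RISKY_NAME = re.compile(rb"[\x20-\x7e]{1,200}\.(?:exe|scr|com|pif|bat|cmd)(?![a-z0-9])", re.I)
DOS_STUB = b"This program cannot be run in DOS mode"

def scan_rtf(text):
    """Return one finding per embedded-object payload in an RTF document."""
    if not text.lstrip().startswith("{\\rtf"):
        return []
    findings = []
    for m in OBJDATA.finditer(text):
        # Drop control words, then everything that is not a hex digit (spaces, newlines).
        digits = re.sub(r"[^0-9A-Fa-f]", "", CONTROL_WORD.sub("", m.group(1)))
        blob = bytes.fromhex(digits[: len(digits) // 2 * 2])
        classes = OBJCLASS.findall(text[: m.start()])
        name = RISKY_NAME.search(blob)
        findings.append({
            "objclass": classes[-1].strip() if classes else None,
            "size": len(blob),
            "pe_marker": b"MZ" in blob and DOS_STUB in blob,
            "risky_name": name.group(0).decode("ascii") if name else None,
        })
    return findings

def should_quarantine(text):
    # Hold the message if any embedded object looks like, or is labelled as, a program.
    return any(f["pe_marker"] or f["risky_name"] for f in scan_rtf(text))

# Constructed, inert sample: marker bytes only, not a real OLE stream or program.
SAMPLE_PAYLOAD = (b"\x02\x00The original document was not fully loaded. "
                  b"Please double-click to reload msword.exe\x00MZ\x90\x00" + DOS_STUB)
HEX = SAMPLE_PAYLOAD.hex()
SAMPLE_BAD = ("{\\rtf1\\ansi complaint text {\\object\\objemb{\\*\\objclass Package}"
              "{\\*\\objdata " + "\n".join(HEX[i:i + 64] for i in range(0, len(HEX), 64)) + "}}}")
SAMPLE_OK = "{\\rtf1\\ansi Quarterly notes, no embedded objects.}"

if __name__ == "__main__":
    print(scan_rtf(SAMPLE_BAD))
    print(should_quarantine(SAMPLE_BAD), should_quarantine(SAMPLE_OK))
```

The check keys on the `{\rtf` header rather than the attachment name, so a renamed file is still inspected.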



Last Modified: Tuesday, 12-Jun-2007 18:58:26 EDT