Microsoft Corporation’s security research team has discovered a new malware that exploits an old bug in Microsoft Office. The strange thing about this malware is that instead of attacking the PCs, the bug is actually targeting Mac OS X systems.
The vulnerability, which was categorized as critical when it was discovered and patched in 2009, allows the attackers to execute remote code, which enables them to take control of a computer system. According to threat researcher Jeong Wook (Matt) Oh, a new malware utilizing the vulnerability has likely surfaced now, because not all machines are kept up to date, indicating that malware authors are taking advantage of users’ reluctance to patch.
The malware is put under severe category by Microsoft, and named MasOS-X/MS09-027.A. Due to the way that the exploit code is loaded into memory, and how OS X Lion protects certain segments of memory, the exploit fails under Lion. But, Snow Leopard and earlier versions do not protect the area of memory that the malware targets, and are also vulnerable if Office for Mac is not patched.
Oh said that the RunFile function proves that it was designed specifically for OS X. He also indicated that the developers of this malware had a particular target group in mind, since it seemed they knew their target would not be running Lion.