Comments on: Zero-day Word flaw used in attack

Symantec warns of unpatched hole in Microsoft Word that was used in a bid to compromise Japanese government PCs.

[J_Satch]

This should be fun!

Ok, everybody jump in!

[wxguy]

Protection from Threat

I would assume that business users behind a firewall and home user behind a router are protected from the back door since a port needs to be opened in order to gain access to the back door.

[MrNougat]

Depends

It depends on how the backdoor is configured. If it needs to be an open port, sitting and waiting for orders, then yes, a simple NAT router would prevent the backdoor from being exploited even if it were installed.

However, many backdoors instead configure the zombie to initiate a connection to an outside server (IRC is common). Since many firewalls are configured to allow all outbound traffic, and it's the zombie going outbound to make the connection, this effectively bypasses firewalls.

[dragonbite]

protection

Isn't the protection for this the same as it is for other virus' ... don't open email attachments (unless from somebody you know AND you are expecting one)?

Could just wait to open that email until the virus definition is passed out, or you find out from the person themselves that it's legit.

[stacksmasher]

Solution

Solution = Linux

[Jim Hubbard]

So...where can I see the flaw?

How can I be sure that my antivirus software will portect me?

Is this something that can't be fixed? Is that why MS recommends "Safe mode"?

How can a Word doc contain installer code (or code period) that can't be seen by antivirus products or Word itself?