Security experts at
Infosecurity
Europe 2007 are warning of hack attacks and data theft being made easier by
the use of hidden executables and a high-tech variant on the microdot spying
technique.
The first attack involves planting an executable malware file in a Word
document. When the document is opened it crashes the system and the malware is
automatically loaded when the computer reboots.
Advertisement
"It is a cunning technique because antivirus software does not detect this
kind of attack," said Pete Simpson, Threatlab active manager at
Clearswift.
"A lot of legacy Word code is ripe for this kind of attack. It is the attack
vector of choice for hostile intelligence agencies and professional criminals."
The second technique is a variant of the traditional spying method of
microdotting, where information is photographed and reduced to the size of a dot
and pasted into a document.
The new technique is similar, but uses text boxes in Word documents.
Sensitive information can be pasted into a text box and then the box is reduced
and placed in the document to resemble a punctuation mark.
But antivirus vendors are sure that existing security systems would stop the
first kind of attack.
"It is a really nasty one to beat, but in the end it would fail if systems
are up to date," said David Emm, technology consultant at Kaspersky Labs.
"Once the malware tries to run it would be picked up by its signature file,
or by its actions being picked up by the heuristics engine."
Do you agree?
Have your say on this article