Email Blast, From the Past
McAfee Avert Labs reports:
A Microsoft Word document was mass-spammed today, which exploits MS01-034. While this vulnerability was patched nearly 5 years ago, the DOC file can still deliver its payload if users allow Word to run the malicious macro within. Spammed messages use attachment names such as apple_prices.zip, prices.zip, and sony_prices.zip. The archive contains a file named my_notebook.doc, which contains a list of notebooks for sale:
Apple MacBook Pro MA463LL/A 15.4″ Notebook PC
HP Pavilion DV8230US 17″ Notebook PC
Sony VAIO VGN-FS830/W 15.4″ Notebook PC
The DOC also file contains a macro, that drops a downloader trojan, that downloads a parasitic virus that is also a downloader.
Speaking of old vulnerabilities being targeted by malware, MS03-011 (patched for more than 3 years) is still on the list of top threats being reported by VirusScan Online customers (see Exploit-ByteVerify). Again, this is exploited by the distributors of spyware in the shape of drive-by downloads.