Users should be careful with any spam email containing Word documents, as the vulnerability also automatic downloads of the GINWUI backdoor onto the system. A brand new variant of the backdoor component has just emerged and other variants may follow.
GINWUI.B - New payload variant from MDropper based on 0Day Word Exploit
http://secunia.com/virus_information/29302/ginwui.b/
http://secunia.com/virus_information/29299/bkdrginwui.b/
http://secunia.com/virus_information/29290/w97mmdropper.ab/
QUOTE: This backdoor arrives on a system as a file dropped by another malware that Trend Micro detects as W97M_MDROPPER.AC. When executed, it drops the files ZSYHIDE.DLL and ZSYDLL.DLL in the Windows system folder. This backdoor injects the said .DLL files, which are also detected as BKDR_GINWUI.B, into running processes to ensure memory residency and to hide its process, hence avoiding easy detection. Notably, it injects ZSYDLL.DLL into the Internet Explorer process. The said action causes the Internet Explorer to crash. Using TCP port 80, this backdoor attempts to access a remote server in scfzf.{BLOCKED}cp.net via Hyper Text Transfer Protocol (HTTP). It then listens for commands coming from a remote malicious user. It executes these commands locally on an infected system, providing the remote user virtual control over the system. The said routine compromises system security. This backdoor employs its rootkit capability in order to hide its files, process, and registry entry from an affected user, thus avoiding easy detection. In addition, it attempts to access a certain Web site.