Security firms Kaspersky and AlienVault have teamed up to analyze an interesting spear phishing campaign that’s aimed at Uyghur users. Attacks against this community are not uncommon, but it appears that cybercriminals are not willing to give up just yet.
The attackers rely on maliciously crafted Microsoft Word documents which exploit a vulnerability that affects Microsoft Office for Mac. The security hole in question was addressed by Microsoft in the summer of 2009, but it appears it can still be used successfully in targeted attacks.
It's still not official, but the evidence that Microsoft is bringing Office to the iPad and iPhone is growing in abundance. At this point, it seems to be an inevitability that Redmond will release Office apps for iOS in some form in early 2013, with Android apps following soon after.
Researchers have found a new attack that employs two separate pieces of malware, a malicious Word document and some techniques for maintaining persistence on compromised machines, and the campaign is specifically targeted at Mac users. The attack exploits a three-year-old vulnerability in the way that Office for Mac handles certain Word files, according to researchers at AlienVault, who discovered and analyzed the attacks.