A New Zero-Day Attack — But Don’t Hit the Panic Button

As my readers know, I am always on the soap box about caution when it comes to exposing one's computing environment and previously private information to outside attacks and the various acts of skullduggery which can follow. But sometimes people can overreact. Even those "in the know."

On a well-traveled ABA listserv today, a regular participant extolled the virtues of not using Microsoft Word as the email editor in Outlook, because of a new zero-day attack. His statement was that the potential exposure wasn't worth the trade for the ability to make an email "look" better.

With all due respect to the credentials of the person who posted, I privately emailed my two cents. The truth is, I have been using Word as my Outlook email editor since I was first able to do so. For me it’s not so much about formatting, although I must admit that the ability to use bold, italic, underscore, color, and especially tables, bullets and numbering, provides greater clarity for the recipient. It particularly assists in providing appropriate emphasis and emotional context.

But for me it's more about knowledge management; specifically, document assembly. I routinely respond to anywhere from 100 to 150 emails per day. Much of what I have to "say" in my emails is repetitive. Certain phrases, assemblages of resources, and so forth recur again and again. I have assembled these building blocks of communication and information into AutoCorrect entries in Word which I can invoke with just a few keystrokes.

For example, when I include attachments to emails, I type “/adobe” and it brings in a paragraph which explains that all attachments are in the current version of Adobe PDF format, that the reader is free, and it further provides the URL hyperlink to get to the free download. Pretty good for pressing just 6 keys.

I have about twenty pages of these shortcuts which I use to build my responses, whether they are in the form of a fax, document, or email. They are always consistent, accurate, and properly formatted. I have them all on a flash ROM device which I carry on a keychain as well, so that if I have to use someone else’s computer, they are still available for me to use.

Although Outlook has an autocorrect feature of its own which can be used in the event Word is not the email editor, it does not work nearly as well.

The zero-day exploit discussed on the listserv was a topic included in a news blast by TechRepublic. First, for those of you not familiar with the term, let me explain: a zero-day exploit is one that is already being used in real attacks before the vendor has a patch for the underlying vulnerability and before researchers have analyzed it and added it to antivirus signature databases. That means that anti-virus software offers little or no protection against a zero-day exploit, which makes it extremely dangerous in some cases.

It so happens, though, that this particular zero-day exploit came in the form of a highly targeted email attack carrying a trojan, aimed at a Japanese government office. Opening the email attachment displays a decoy document, but in the background it also installs a back door, which then connects out to an IP address in Asia. So far, this is a very targeted attack. However, as other attackers learn how to exploit the new vulnerability, we can expect to see more widespread use of the threat, at least until Microsoft's next Patch Tuesday, scheduled for June 13. But just as attackers learn how to exploit the vulnerability, anti-virus companies will learn how to detect and block the attack.

The writer of the TechRepublic article, John McCormick, is a security consultant and well-known author in the field of IT, with more than 17,000 published articles. He suggests that readers never use the .doc file format and instead adopt .rtf as the default for their company. He stated, "While there isn't enough information available about this new exploit to be certain this format would block the attack, it's highly likely because the .rtf format generally blocks malicious Word macros."

He recommends that every save be made in RTF format instead of .doc. Yuck! Not likely on my computer. Too much valuable formatting gets stripped away in RTF. We're talking about the advanced features, not simple stuff like bold, italic, font, etc. Heck no, I'm not giving them up by using RTF.
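One thing worth checking before you rely on the "use RTF" advice: the extension tells you what the sender says the attachment is, while the first few bytes tell you what it actually is. The script below is an added example written for this post, not code from the post, from TechRepublic, or from SANS. It compares the container an attachment claims (by extension) with the container it really is (by its magic bytes), on constructed sample attachments. It assumes, as a matter of how Word behaves rather than anything the post states, that Word picks its parser from the file's content rather than its name, so a binary .doc renamed to .rtf is still parsed as a binary .doc. It checks only the container type; it says nothing about what a given file exploits.

```python
"""Compare an attachment's claimed type (extension) with its real container.

Added example for this post, not the author's or TechRepublic's code.
Assumption (labelled, not from the post): Word decides how to parse a file
by content sniffing, so renaming a binary .doc to .rtf changes nothing.
All sample attachments below are constructed, not real files.
"""
import os

# Well-known container signatures (magic bytes).
OLE2_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"   # legacy .doc/.dot (OLE2 compound file)
ZIP_MAGIC = b"PK\x03\x04"                          # OOXML .docx/.docm (zip container)
RTF_MAGIC = b"{\\rtf"                               # RTF header control word

# What each extension claims the container is.
CLAIMED = {
    ".rtf": "rtf",
    ".doc": "ole2",
    ".dot": "ole2",
    ".docx": "zip",
    ".docm": "zip",
}


def sniff(data: bytes) -> str:
    """Return 'rtf', 'ole2', 'zip' or 'unknown' from the leading bytes."""
    head = data[:8]
    if head.startswith(OLE2_MAGIC):
        return "ole2"
    if head.startswith(ZIP_MAGIC):
        return "zip"
    # RTF readers tolerate leading whitespace before the opening brace.
    if data.lstrip().startswith(RTF_MAGIC):
        return "rtf"
    return "unknown"


def check_attachment(filename: str, data: bytes) -> dict:
    """Compare the claimed container (by extension) with the actual one."""
    ext = os.path.splitext(filename.lower())[1]
    claimed = CLAIMED.get(ext, "unknown")
    actual = sniff(data)
    return {
        "filename": filename,
        "claimed": claimed,
        "actual": actual,
        "mismatch": claimed != actual,
        # RTF has no slot for a VBA project; the OLE2 and OOXML containers do
        # (which is the basis of the "RTF blocks Word macros" point above).
        "can_carry_vba": actual in ("ole2", "zip"),
    }


# Constructed samples: an honest RTF file, an honest legacy .doc header,
# a legacy .doc renamed to .rtf to look like the "safe" format, and a .docx.
SAMPLES = {
    "memo.rtf": b"{\\rtf1\\ansi\\deff0 {\\fonttbl{\\f0 Times;}} Hello\\par}",
    "brief.doc": OLE2_MAGIC + b"\x00" * 504,
    "invoice.rtf": OLE2_MAGIC + b"\x00" * 504,   # .doc in .rtf clothing
    "notes.docx": ZIP_MAGIC + b"\x14\x00\x06\x00",
}


def scan_samples() -> list:
    """Run the check over every constructed sample and return the results."""
    return [check_attachment(name, data) for name, data in SAMPLES.items()]


if __name__ == "__main__":
    for r in scan_samples():
        flag = "MISMATCH" if r["mismatch"] else "ok"
        print(f"{r['filename']:14} claims {r['claimed']:8} is {r['actual']:8} {flag}")
```

Run it and "invoice.rtf" is flagged: it claims to be RTF but is an OLE2 compound file, so a policy of "RTF only" enforced by extension alone would have let it straight through. The same eight-byte check is cheap enough to run at the mail gateway on every attachment.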

Finally, the TechRepublic article refers back to the original report regarding this new zero-day exploit. That appeared in a May 18th post on the SANS Handler's Diary. And here, where this report started, we actually hear a voice of reason:

Chances are really huge you’re not targeted, at least not by this exploit.

So do you need to dig in now? Most likely not, we suggest you act as if it’s any new vulnerability where the details are still very well hidden:

1) The one organization being targeted needs specific actions.

2) If you are on the potential target list, you need to learn to defend against the unknown, not against this threat.

3) If you’re not on the target list, chances are you will not see an exploit before Microsoft releases a patch and the knowledge to exploit it can be derived by the hackers.

Panic and blindly taking actions is probably the worst course of action you can take.

So what should you be doing? The same things you should have been doing all along. Read my three simple rules to make yourself safer. Exercise restraint and common sense. Remember, the real threat of a zero-day exploit is that it is not yet known to the vendor or to the anti-virus companies, and therefore your anti-virus package offers no defense against it. So all you have to do is wait a little: for your AV definitions to update and give you protection, for Microsoft's monthly security patch to download and install, and/or to hear back from the sender that the attachment is legitimate.

What’s wrong with a little good old-fashioned restraint when it comes to protecting your computer system and sensitive data? It sure beats knee-jerk reactions, or over-reacting by turning your back on some of the best features in your software. That’s my opinion, and I’m sticking to it. 🙂
