We recently published information about poisoned Word documents that can infect Macs with a backdoor. These documents look like Word files, but, when double-clicked, after displaying text, they infect Macs with a backdoor.
Intego’s Malware Research Team has found samples of a Windows tool called MalHost-Setup.exe which can be used to create this type of infected Word file. (It can also be used to create Excel and PowerPoint files, but Intego has not seen any samples of these files being used to deliver this type of malware yet.) The sample found included an infected Word file with Mac-specific payload.
As we pointed out in our blog post, “the code in these Word documents is not encrypted, so any malware writer who gets copies of them may be able to alter the code and distribute their own versions of these documents.” This tool suggests that this type of infected Microsoft Office file will become more common.
All users of Microsoft Office should make sure they have applied all the available security updates. The last security update for Office 2004 and 2008 was in December 2011. Follow the link to download the appropriate update if your version of Office is not up to date.