The Channel logo


By | John Leyden 3rd October 2005 14:03

Backdoor Trojan targets Microsoft Access

Zero day vuln gives hackers open access

Virus writers have created a Trojan which uses an unpatched vulnerability in Microsoft Office to take over Windows PCs. The Hesive Trojan can be disguised as a Microsoft Access file. Once opened in Access, infected .mdb files take advantage of a five-month old buffer overflow flaw in Microsoft's Jet Database Engine software to seize control of vulnerable machines.

Incidents of the Trojan are rare but the creation of the first malware to target this unfixed security bug shows VXers are broadening the range of their attacks beyond targeting IE and Windows operating systems flaw to begin looking at Office applications. In this way skills associated more typically with targeted hacking attacks are being rolled into malware creation.

Microsoft is yet to fix the Database Engine glitch but the creation of malware specifically targeting a security bug with a core component of Office ought to speed the creation of a fix. ®

alert Send corrections


Frank Jennings

What do you do? Use manual typwriters or live in a Scottish croft? Our man advises
A rusty petrol pump at an abandoned gas station. Pic by Silvia B. Jakiello via shutterstock

Trevor Pott

Among other things, Active Directory needs an overhaul
Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella


League of gentlemen poster - Tubbs and Edward at the local shop. Copyright BBC
One reselling man tells his tale of woe