Skip to main content

Malicious Code in RTF Files: Yet another Prediction Comes True

June 14, 2001

A Trojan program penetrates computers when reading RTF files Kaspersky Lab, an international data-security software-development company, warns users about the discovery of the Trojan "Goga" that steals and sends out from infected computers user details for Internet access (i.e. login, password and...

A Trojan program penetrates computers when reading RTF files

Kaspersky Lab, an international data-security software-development company, warns users about the discovery of the Trojan "Goga" that steals and sends out from infected computers user details for Internet access (i.e. login, password and other information). Kaspersky Lab has already received several reports of the Trojan being detected "in the wild."

"Goga" has two distinguishing features: the first is that it utilizes files in RTF format as a means for spreading, confusing users in as much as they believe these files to be absolutely safe, often opening them without first administering an anti-virus check. The second is that the Trojan exploits a well-known breach in the Microsoft Word security system, allowing a malefactor to launch a malicious code, unbeknownst to a user, immediately following the opening of an infected document.

Should a computer not be installed with the proper patch thwarting this breach, then when the infected RTF file is read, MS Word automatically downloads a template containing the malicious macro-program from a remote Web site without any warning whatsoever. This macro-program extracts additional utility from the RTF file's binary section. This utility searches the infected computer and creates another TXT file containing user Internet access details. At this point, "Goga" starts up the script program that publishes the newely created TXT file in a Web-site guest book open to the general public. The virus writer is now able to periodically cull stolen information from this site.

Kaspersky Lab warned users about falling prey to this RTF-file danger on May 29. We once again recommend that users install the MS Word patch defending against this Trojan and any other malicious programs exploiting this breach ASAP.

Detection and removal procedures have already been added to the Kaspersky Anti-Virus database daily update.

Kaspersky Anti-Virus can be purchased in the Kaspersky Lab online store or from a worldwide network of Kaspersky Anti-Virus distributors and resellers.

Download the FREE time-limited trial version of Kaspersky Anti-Virus here.

Subscribe to Kaspersky Lab' FREE information service here.

Malicious Code in RTF Files: Yet another Prediction Comes True

A Trojan program penetrates computers when reading RTF files Kaspersky Lab, an international data-security software-development company, warns users about the discovery of the Trojan "Goga" that steals and sends out from infected computers user details for Internet access (i.e. login, password and...
Kaspersky logo

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Innovating the industry with a Cyber Immunity approach, Kaspersky safeguards consumers, businesses, critical infrastructure, and governments from cyberthreats, with over a billion devices protected to date.

Kaspersky ensures Cybersecurity True to Business, focusing on providing clear outcomes, protecting revenue, easing workloads and preventing downtime. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services for organizations of every size, from small businesses to large enterprises, combining proven AI-driven protection technologies with simple management and expert support.

Recognized in independent tests and trusted by millions of individuals worldwide and nearly 200,000 organizations, Kaspersky helps detect threats earlier, respond faster and operate with greater confidence and freedom, protecting what matters most to our clients. Learn more at www.kaspersky.com.

Related Articles Press Releases