Something old… something new

The recent months have seen a lot of zero-day exploits targeting Microsoft Word — what with MDROPPER variants becoming a perennial mainstay in the Trend Micro Malware Advisories page (TROJ_MDROPPER.CT being the most recent detection).


It is a bit surprising, therefore, when new malware exploiting old vulnerabilities suddenly appears virtually out of nowhere. W97M_KUKUDRO.AB and W97M_LAFOOL.AO — detected almost two days apart — both take advantage of MS vulnerabilities dating as far back as 2001 and 2003, respectively. We all know that the threat landscape has changed dramatically since then. And using macros? That is sooo ancient.


And yet, they still proved effective — even almost getting detected as new exploit Trojans. Why? Because of the mere fact that they are ancient. Something old, yet something new. In a time when Microsoft (and perhaps even the antivirus industry) are chasing proof-of-concept and zero-day malware like cats to anything shiny, seemingly unassuming grandpa exploits may just slip in quietly. The same goes for computer users who may be panicking for the latest security fixes… and forgetting the older patches in the process.


Perhaps malware authors are trying to check if we have strained our necks forward for so long that we cannot look back anymore. Fortunately, we love to stretch our muscles once in a while.