Virus writers have developed Trojan horse malware designed to exploit an unpatched vulnerability in Microsoft's PowerPoint software. The MDropper-BH Trojan spreads in malformed PowerPoint files either downloaded by the internet or pushed out by other malware.

If opened, these infectious PowerPoint files attempt to exploit an unpatched vulnerability to drop the MDropper-BH Trojan onto compromised systems. The vulnerability involved is different from that covered by Microsoft's MS06-048 for a previous PowerPoint vulnerability, the target of earlier malware attacks. All versions of Windows and an unknown number of versions of PowerPoint are vulnerable to the latest attack. If successful the MDROPPER-BH attempts to drop the Small-CMZ Trojan into the temporary folder of a compromised Windows machine. This Trojan tries to download other forms of malware from various pre-programmed hacker web sites. In this way compromised machines are likely to become riddled with all manner of malware, leaving them compromised zombie clients in botnet networks controlled by hackers.

In the absence of an appropriate fix from Microsoft users are advised to employ up-to-date anti-virus software to block infection while also avoiding the temptation to open unsolicited PowerPoint files from trusted sources. ®

Related stories

• VXers push small coc Trojan on unwilling world (2 May 2007)
• Analysis Targeted Trojan attacks on the rise (15 October 2006)
• Vista joins MS patch treadmill (18 August 2006)
• MS releases dirty dozen (9 August 2006)
• When PowerPoint presentations attack (17 July 2006)
• Attack code follows patch update (15 June 2006)
• Patches released for zero-day IE threat (29 March 2006)