Channel Register®

Original URL: http://www.channelregister.co.uk/2006/08/21/trojan_exploits_ppt_vuln/

Trojan exploits unpatched PowerPoint vulnerability

Vicious circle

By John Leyden

Posted in Software & Security, 21st August 2006 15:54 GMT


Virus writers have developed Trojan horse malware designed to exploit an unpatched vulnerability in Microsoft's PowerPoint software. The MDropper-BH Trojan [1] spreads in malformed PowerPoint files, either downloaded from the internet or pushed out by other malware.

If opened, these infectious PowerPoint files attempt to exploit an unpatched vulnerability [2] to drop the MDropper-BH Trojan onto compromised systems. The vulnerability involved is different from the previous PowerPoint vulnerability covered by Microsoft's MS06-048 [3], which was the target of earlier malware attacks. All versions of Windows and an unknown number of versions of PowerPoint are vulnerable to the latest attack. If successful, MDropper-BH attempts to drop the Small-CMZ Trojan [4] into the temporary folder of a compromised Windows machine. This Trojan tries to download other forms of malware from various pre-programmed hacker web sites. In this way, compromised machines are likely to become riddled with all manner of malware, leaving them as zombie clients in botnet networks controlled by hackers.

In the absence of an appropriate fix from Microsoft, users are advised to employ up-to-date anti-virus software to block infection, while also avoiding the temptation to open unsolicited PowerPoint files from trusted sources. ®