The discovery as of yesterday of a zero-day vulnerability in PowerPoint was followed by several isolated exploits related to attack via the Trojan.PPDDropper.B, and the backdoor Backdoor.Bifrose.E. And it seems that
exploits taking advantage of an issue in the MSO.DLL library file have crossed linguistic barriers. A malicious PowerPoint .PPT file comprising humorous Chinese love philosophy, spreading via e-mail actually installs the Troj/Edepol-C keylogging Trojan, rather than offer insights on relationships.
Once dropped on a machine, the Trojan attempts to switch-off antivirus protections on Windows platforms. It also allows remote access to the compromised computer, gathers data and sends them to remote servers and records keystrokes, has warned Sophos's global network of virus, spyware and spam analysis centers.
"The hackers exploiting this unpatched hole in PowerPoint appear to have timed the release of their malicious code to deliberately follow Microsoft's monthly security announcement," said Graham Cluley, senior technology consultant for Sophos. "The bad news for Microsoft and its customers is that there was no fix for this problem in that bundle of patches. All computer users need to be exercise great caution over unsolicited email attachments. The only people who are going to have a warm glow inside from the words of love in this presentation are likely to be the hackers behind the attack."
Find us on Google+
No user comments yet.
Be the first to express your opinion!
