Malicious PowerPoint Files Launch Attacks, Exploiting Long-time Patched Flaw
Researchers at Sophos, an Internet security company, state that they have come across some malicious PowerPoint files that arrived in their laboratory in recent days. These files apparently exploit the MS06-028 security flaw, for which a fix has been available since June 21, 2006.
The researchers state that, given the success of the many attackers who continue to launch attacks exploiting vulnerabilities, it is clear that the sophistication of attack techniques has gone up significantly.
Meanwhile, Sophos has identified the malicious PowerPoint files as Troj/ExpPPT-G. Protection mechanisms aimed at buffer overflow issues would not be able to safeguard users from these files, as the threat exploits a flaw within the file-parsing logic. In other words, the flaw permits a pointer to be calculated, and then called, within the image of the PPT document that is mapped into memory.
The reports state that hackers and scammers have long attacked many of Microsoft's Office applications. In recent months, Microsoft Corp. said that these criminals were maliciously exploiting a critical, not yet patched flaw in its widely used Office package. At that time, the company asserted in a security advisory that the criminals were using PPT documents with embedded malware to trigger the flaw in earlier versions of the software. According to Microsoft's researchers, a number of different attack codes are currently circulating in the wild.
Sophos researchers, who had seen fresh surges of the .PPT scam, stated that they had observed an extreme growth in the attacks over the past few days.
According to them, irrespective of how efficiently anti-malware providers patched vulnerabilities, attackers apparently continued to succeed in applying traditional techniques and exploiting flaws to carry out their campaigns.
Additionally, the researchers stated that users whose software was not patched should not open unexpected .PPT attachments if they wanted to remain safe. Clearly, the attack targets unskilled users, or those in countries like China where pirated Microsoft software is widely used, leaving old vulnerabilities as ready targets.
However, Microsoft has promised to issue a solution either via its monthly security bulletin, or via an emergency update.
» SPAMfighter News - 18-09-2009