New PowerPoint File Carries Malicious Attack Code, Trend Micro Reports
Researchers from Trend Micro report that a new Microsoft PowerPoint presentation has an embedded Flash file that conceals attack code. The researchers, who discovered the PowerPoint file, detect it as TROJ_PPDROP.EVL; when run, it looks for known security flaws in Flash Player to exploit and then installs a backdoor on the target PC.
For the attack to work, the .ppt file must be run, which then triggers shellcode inside Flash Player. While it hunts for the program vulnerability, the backdoor winword.tmp is copied into the Temp folder.
Meanwhile, a sanitized PowerPoint presentation is installed. The method is familiar: other online malicious schemes have similarly presented potential victims with a genuine Word or .pdf file so that no suspicion arose.
The researchers at Trend Micro say they have identified the backdoor as BKDR_SIMBOT.EVL and note that this malware is known to have played a part in past targeted attacks.
Furthermore, the new attacks no longer involve only malicious files posing as simple binaries, such as .exe files sent by email. These specially crafted files are embedded in widely used file types such as DOC, PDF, XLS or PPT.
In the PowerPoint attack in question, end users do not notice the assault because TROJ_PPDROP.EVL also displays an innocuous .ppt file that acts as bait. The case also demonstrates how cyber-criminals keep exploiting previously reported flaws in widely used applications such as Flash and MS Office.
Commenting on the latest discovery, Threat Response Engineer Cris Pantanilla of Trend Micro said that it highlighted two issues. First, attack code crafted for reliable flaws continues to be a successful tool for cyber-criminals. Second, the majority of computer users do not routinely apply current security patches to their systems, which is why attackers persistently abuse the flaws, Pantanilla explained. Blog.trendmicro.com published this on June 3, 2012.
PowerPoint presentations and other seemingly innocuous files pose a problem of trust, since users do not normally doubt such files. But as the current attack clearly shows, the belief that there is no virus if the threat file is not an .exe no longer holds, Trend Micro researchers conclude.
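A defender can triage incoming binary Office files for the pattern described above, a Flash object embedded in a .ppt. The following Python sketch is an added example, not Trend Micro's detection logic; the sample blobs are constructed, and the version and length limits are assumptions.

```python
import struct
import uuid
import zlib

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE2 compound file (.ppt, .doc, .xls)
# CLSID of the Shockwave Flash ActiveX control, in the byte order OLE stores it
FLASH_CLSID = uuid.UUID("D27CDB6E-AE6D-11CF-96B8-444553540000").bytes_le
MAX_SWF_LEN = 50 * 1024 * 1024  # assumed sanity limit for the declared length


def find_embedded_swf(data):
    """Return (offset, signature, version, declared_length) per plausible SWF header."""
    hits = []
    for sig in (b"FWS", b"CWS"):  # uncompressed / zlib-compressed SWF
        pos = data.find(sig)
        while pos != -1:
            header = data[pos:pos + 10]
            if len(header) == 10:
                version = header[3]
                length = struct.unpack("<I", header[4:8])[0]
                # Assumed plausibility limits; length must exceed the 8-byte header
                ok = 1 <= version <= 50 and 8 < length <= MAX_SWF_LEN
                if ok and sig == b"CWS":
                    # A CWS body is a zlib stream: deflate method, valid check bits
                    cmf, flg = header[8], header[9]
                    ok = cmf & 0x0F == 8 and (cmf * 256 + flg) % 31 == 0
                if ok:
                    hits.append((pos, sig.decode(), version, length))
            pos = data.find(sig, pos + 1)
    return sorted(hits)


def triage(data):
    """Flag an OLE2 document that carries a Flash control or an SWF header."""
    is_ole = data.startswith(OLE_MAGIC)
    swf = find_embedded_swf(data)
    has_clsid = FLASH_CLSID in data
    return {"is_ole": is_ole, "flash_clsid": has_clsid, "swf_headers": swf,
            "suspicious": is_ole and (has_clsid or bool(swf))}


# Constructed samples (not real malware): an OLE-like blob holding the Flash
# CLSID and a dummy compressed SWF, and one that only mentions the magic strings.
_DUMMY_SWF = b"CWS" + bytes([9]) + struct.pack("<I", 100) + zlib.compress(b"\x00" * 92)
SAMPLE_WITH_FLASH = OLE_MAGIC + b"\x00" * 504 + FLASH_CLSID + b"\x00" * 16 + _DUMMY_SWF
SAMPLE_PLAIN = OLE_MAGIC + b"\x00" * 504 + b"Notes: FWS and CWS acronyms"

if __name__ == "__main__":
    for name, blob in (("with_flash", SAMPLE_WITH_FLASH), ("plain", SAMPLE_PLAIN)):
        print(name, triage(blob))
```

A raw byte scan can miss objects that the container stores compressed or split across sectors, so a clean result here does not clear a file; a hit is a reason to send it to a sandbox or a full OLE parser.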
» SPAMfighter News - 11-06-2012