TELECOM Digest OnLine - Sorted: Attackers Exploit PowerPoint Flaw

Attackers Exploit PowerPoint Flaw

Robert McMillan (idg@telecom-digest.org)
Fri, 14 Jul 2006 15:12:46 -0500

Review Index Sorted By: [ date ][ thread ][ subject ][ author ]
Next message: telecomdirect_daily: "TelecomDirect News Daily Update - July 14, 2006"
Previous message: Rick Merrill: "Re: A New Way around the Do Not Call Lists ..."
TELECOM Digest: Home Page

Robert McMillan, IDG News Service

Attackers have found another hole in Microsoft's Office products.
Yesterday, Symantec reported that it has discovered a targeted attack
that takes advantage of an unpatched vulnerability in Microsoft's
PowerPoint software.

The hackers behind this attack are using the same techniques that were
used in previously reported Word and Excel attacks, says Dave Cole, a
director with Symantec Security Response.

"It's similar to the pattern we've seen over he past few months where
they're using a previously unknown Microsoft vulnerability, and an
e-mail enticement to get a backdoor on someone's machine," he says.

Cole believes that the same hackers may be behind all three
attacks. "It looks like it may be the same group just based on the
similarly of attacks," he says.

Not Widespread

As with the Word and Excel attacks, this latest malware is not
widespread.

This PowerPoint attack was discovered late Wednesday by a Symantec
customer, who received a Chinese-character e-mail from a Gmail
account. The e-mail contained a PowerPoint attachment that installed
two pieces of malicious code when opened: a Trojan horse program,
called Trojan.PPDDropper.B, and a backdoor program called
Backdoor.Bifrose.E.

The backdoor program tries to cover its tracks, by writing over the
original PowerPoint document. It then awaits instructions from the
attackers, who can use it to control the infected system.

Office is fast becoming the target of choice for hackers.

Microsoft patched a total of 12 Office vulnerabilities on Tuesday, but
the PowerPoint bug used by this latest malware was not one of them,
according to Cole.

Microsoft is investigating the vulnerability, says Stephen Toulouse, a
security program manager with Microsoft's security response center.

Symantec is studying it as well. The security vendor said it does not
yet know if the attack is specific to PowerPoint, or whether it
affects all Office products.

Copyright 2006 PC World Communications, Inc.

NOTE: For more telecom/internet/networking/computer news from the
daily media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra/more-news.html . Hundreds of new
articles daily. And, discuss this and other topics in our forum at
http://telecom-digest.org/forum (or)
http://telecom-digest.org/chat/index.html

For more tech news each day, please go to:
http://telecom-digest.org/td-extra/technews.html

Post Followup Article Use your browser's quoting feature to quote article into reply
Go to Next message: telecomdirect_daily: "TelecomDirect News Daily Update - July 14, 2006"
Go to Previous message: Rick Merrill: "Re: A New Way around the Do Not Call Lists ..."

TELECOM Digest: Home Page

Post Followup Article	Use your browser's quoting feature to quote article into reply
Go to Next message: telecomdirect_daily: "TelecomDirect News Daily Update - July 14, 2006"
Go to Previous message: Rick Merrill: "Re: A New Way around the Do Not Call Lists ..."
TELECOM Digest: Home Page