Computer users were warned against a malicious Microsoft PowerPoint file making the rounds of the Internet, via an attached file in email messages.
Security vendor Trend Micro said the file actually contains an embedded Flash file that exploits bugs in older versions of Flash Player to drop a backdoor on infected machines.
"Users who open the malicious .PPT file trigger the shellcode within the Flash file that exploits CVE-2011-0611, and then drops 'Winword.tmp' in the Temp folder. Simultaneously, it also drops a non-malicious PowerPoint presentation file 'Powerpoint.pps,' tricking users into thinking that the malicious file is just your average presentation file," Trend Micro said in a blog post.
It said its analysis showed "Winword.tmp" is a backdoor that connects to remote sites to communicate with a possible malicious user.
Also, the file is capable of downloading and executing other malware, leaving infected systems susceptible to other, more menacing threats such as data-stealing malware, it added.
Trend Micro products can detect the malicious PowerPoint file as TROJ_PPDROP.EVL and the dropped backdoor file as BKDR_SIMBOT.EVL.
"Reports, as well as our own analysis, confirmed that this kind of malware has been used for targeted attacks in the past," it said.
Trend Micro also noted that recent threats are no longer limited to malicious files disguised as ordinary binaries (such as .EXE files) attached to emails.
It said these specially crafted files can be embedded in commonly used files such as PDF, DOC, PPT or XLS files.
"In this particular scenario, users are unaware of the attack since TROJ_PPDROP.EVL also displays a non-malicious PowerPoint file to serve as a decoy," it said.
On the other hand, it said this case also shows that cybercriminals are continuously exploiting previously reported vulnerabilities in popular software such as Microsoft Office applications and Flash.
Trend Micro also pointed out that old and reported software bugs are still being exploited by attackers.
"This finding highlights two things. First, exploits created for reliable vulnerabilities remain effective cybercriminal tools. Second, most users do not regularly update their systems with the latest security patch, which explains why attackers are continuously exploiting these bugs," it said. — RSJ, GMA News
source: gmanetwork.com
