Chinese Hackers Launch New Office Attack - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News
News
12/27/2006
02:03 PM
50%
50%

Chinese Hackers Launch New Office Attack

Popular Christmas PowerPoint slide show circulating by e-mail contains a security threat developed by paid-for-hire hackers.

A Microsoft PowerPoint presentation circulating via e-mail is the latest example of a 2006 trend in which paid-for-hire Chinese hackers target Western businesses with malicious Office documents, a security researcher said Wednesday.

The newest threat, said Ken Dunham, director of VeriSign iDefense's rapid response team, hides within an apparently innocent PowerPoint slide show, "Christmas+Blessing-4.ppt," which is attached to an e-mail message. The PowerPoint file, which circulated sans exploits last year around Christmas, has been making the rounds since Sunday.

"The reality is that this is a very popular file," said Dunham, "and poorly detected by most antivirus scanners." However, some security companies, including F-Secure, have created signatures to sniff out the threat.

More important is that Christmas+Blessing-4 shares characteristics with the Office document-based attacks that began seven months ago. "This is very similar to other Office attacks from May and June," Dunham said. "It's a targeted attack, this time [against a company] in the public utility sector."

Other Office document exploits--which included ones leveraging zero-day vulnerabilities in Word, Excel, and PowerPoint--also were limited in scope. But that doesn't make them less dangerous, said Dunham. "This kind of attack will be one of the most concerning during 2007. It will be the one that keeps CEOs up at night."

Unlike those earlier attacks, Christmas+Blessing-4 is not a zero-day exploit taking advantage of a vulnerability that hasn't been fixed. "It doesn't work on fully patched computers," Dunham said. After a user opens the PowerPoint file, a variant of the "Hupigon" backdoor Trojan horse is installed on the PC. The Trojan then silently adds two additional files, "msupdate.dll" and "sdfsc.dll," to the system.

IDefense said that the crew responsible for the newest Office attack was Chinese, another similarity with the summer's Word and Excel exploits. Calling the writers "hackers for hire," Dunham said that the rapid shift in China from politically motivated attacks to for-profit hacks is "a cause for concern."

"They're getting paid a whole lot of money," Dunham said. "The capitalist attitude is infiltrating Chinese hackers."

Dunham recommends that users patch their systems--Microsoft Office applications as well as Windows--and refuse to open unsolicited PowerPoint files, especially any attached to e-mails with the subject of "Merry Christmas to our hero sons and daughters!"

Warned Dunham, "If you're not patching promptly, you can expect attacks in 2007."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
News
How to Create a Successful AI Program
Jessica Davis, Senior Editor, Enterprise Apps,  10/14/2020
News
Think Like a Chief Innovation Officer and Get Work Done
Joao-Pierre S. Ruth, Senior Writer,  10/13/2020
Slideshows
10 Trends Accelerating Edge Computing
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/8/2020
Register for InformationWeek Newsletters
Video
Current Issue
[Special Report] Edge Computing: An IT Platform for the New Enterprise
Edge computing is poised to make a major splash within the next generation of corporate IT architectures. Here's what you need to know!
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll