New Zero-Day PowerPoint Attack Under Way - InformationWeek
02:36 PM

New Zero-Day PowerPoint Attack Under Way

There's more bad news for Office users. An unpatched bug in Microsoft's PowerPoint presentation maker is being exploited.

An unpatched bug in Microsoft's PowerPoint presentation maker is being exploited by an in-the-wild attack, Symantec researchers said Thursday, marking the latest bad news for Office users.

According to the Cupertino, Calif. security vendor's threat analysis team, attacks are currently under way using an unpatched vulnerability in PowerPoint. If the "zero-day" attack is successful, the hacker gains complete control of the compromised computer.

The attack is carried out by a Trojan horse with the moniker "PPDDropper.b," which hides inside a malicious PowerPoint file attached to an e-mail with a Google Gmail return address. PPDDropper.b, in turn, drops a backdoor component, dubbed "Bifrose.e" by Symantec. Bifrose.e then injects a malicious routine into Windows' EXLORER.EXE process, and overwrites the malformed PowerPoint file with a new, clean presentation document.

"The attackers are trying to slide under the radar," said David Cole, the director of Symantec's security response center. "Once they get onto a PC, they think if they delete the infected file there's less chance of getting caught.

"They're trying to get rid of the evidence, throw away the crowbar they used to wedge the door open," Cole added.

That part of the process is identical to one used last month by a now-patched Excel attack. In fact, said Cole, there were several other similarities between the Excel and PowerPoint exploits.

"Both use a two-step attack, a dropper Trojan and a backdoor," he said. "Both were launched by messages written in Chinese."

The similarities led Cole to believe that the two attacks could be the work of the same group. "That's as much as we could say, though, at this point."

Unlike the Excel bug, the PowerPoint flaw -- confirmed only in PowerPoint 2003 thus far -- remains open to attack. Microsoft issued three security updates Tuesday to fix various versions of Office and its applications, but the Thursday bug was not among the 13 flaws patched.

Microsoft's Office suite has faced a number of attacks and owned up to numerous vulnerabilities in the last two months. In May, a serious bug in Microsoft Word was used in by hackers to target one or more corporations. During June, several flaws were disclosed in the suite's Excel spreadsheet.

"The attention to Office underlines the shift toward target attacks," Cole said. "If espionage and data theft are why attacks take place, what format is that data in? Microsoft Office. It's really that simple."

Symantec advised users to avoid opening PowerPoint documents received via e-mail until a patch was issued by Microsoft; its researchers also told users to consult the mitigation tactics laid out in the MS06-038 security bulletin posted Tuesday on the Microsoft Web site.

Microsoft did not immediately respond to a request for confirmation from its Security Response Center (MSRC).

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll