Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis centers, are analyzing
a malicious Microsoft PowerPoint file that exploits an unpatched
vulnerability in the software in order to spy upon computer
users.
The suspect PowerPoint PPT file, which contains "humorous"
philosophy about love between men and women and is believed to have
been distributed via email, contains exploit code that drops the
Troj/Edepol-C
keylogging Trojan horse onto users' computers.
The Trojan horse also attempts to disable anti-virus products
running on the infected computer.
The PowerPoint presentation discusses
relationships between men and women but secretly drops a Trojan
horse onto computers.
The first slide in the presentation can be translated as
follows:
What is romantic? You know the girl doesn't like him, but
still sends her 999 roses; What is wasteful? You know the girl does
like him, but still sends her 999 roses.
The next slide translates as:
There are two types of women: one is posh, and another is
normal. The posh is for somebody else, the normal one is for family
and husband.
During marriage a husband only sees his normal wife and
during affair the husband will see the posh woman.
This is analysis of the reason why men have affairs. This is
wonderful.
In total there are 18 slides in the presentation.
"The hackers exploiting this unpatched hole in PowerPoint appear
to have timed the release of their malicious code to deliberately
follow Microsoft's
monthly security announcement," said Graham Cluley, senior
technology consultant for Sophos. "The bad news for Microsoft and
its customers is that there was no fix for this problem in that
bundle of patches. All computer users need to exercise great
caution over unsolicited email attachments. The only people who are
going to have a warm glow inside from the words of love in this
presentation are likely to be the hackers behind the attack."
Sophos experts are continuing to examine the PowerPoint file
which contains the exploit.
In May, in a similar incident, Sophos reported how
hackers exploited a zero-day vulnerability in Microsoft Word with
the Troj/Oscor-B Trojan horse.
Sophos recommends that companies protect their email gateways
with a consolidated solution to defend
against viruses, spyware and spam, as well as apply an email policy
that filters unsolicited content at the gateway. Businesses should
also secure their desktops and servers with automatically updated
protection and firewalls.