AOH :: ISNQ3382.HTM

'Merry Christmas to our heroes' e-mail installs malicious code




'Merry Christmas to our heroes' e-mail installs malicious code
'Merry Christmas to our heroes' e-mail installs malicious code



http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9006738 

By Sharon Machlis
December 24, 2006 
Computerworld

A popular Christmas PowerPoint file has been modified to incorporate 
malicious code that gives an attacker unauthorized access to infected 
systems, iDefense warned today.

In an e-mail warning, iDefense said that the e-mail with the subject 
"Merry Christmas to our hero sons and daughters!" and the attachment 
Christmas+Blessing-4.ppt "silently installs a backdoor Trojan horse on 
vulnerable computers." This version of the Hupigon (sometimes also 
called Hupigeon) Trojan installs two files on a compromised system, 
according to Ken Dunham, director of iDefense's Rapid Respones Team: 
msupdate.dll (18,507 bytes) and sdfsc.dll (3 bytes).

A remote Web site used in this attack has been found on a server in 
China, Dunham said.

"Details regarding the PowerPoint exploit are still unclear, but 
detected by a few scanners as a possible MS06-012 exploit," Dunham 
wrote. Such Microsoft Office exploits can allow remote execution of 
commands on infected systems.

Attacks on Microsoft's Office software have been on the rise for months 
now, Marc Maiffret, chief technology officer with security vendor eEye 
Digital Security Inc., said earlier this month. Office vulnerabilities 
were once released "on a monthly basis," he said.

"Now we're at the point where it's almost daily."


_____________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn 
 

Site design & layout copyright © 1986-2014 CodeGods