By Sharon Machlis
December 24, 2006
A popular Christmas PowerPoint file has been modified to incorporate
malicious code that gives an attacker unauthorized access to infected
systems, iDefense warned today.
In an e-mail warning, iDefense said that the e-mail with the subject
"Merry Christmas to our hero sons and daughters!" and the attachment
Christmas+Blessing-4.ppt "silently installs a backdoor Trojan horse on
vulnerable computers." This version of the Hupigon (sometimes also
called Hupigeon) Trojan installs two files on a compromised system,
according to Ken Dunham, director of iDefense's Rapid Respones Team:
msupdate.dll (18,507 bytes) and sdfsc.dll (3 bytes).
A remote Web site used in this attack has been found on a server in
China, Dunham said.
"Details regarding the PowerPoint exploit are still unclear, but
detected by a few scanners as a possible MS06-012 exploit," Dunham
wrote. Such Microsoft Office exploits can allow remote execution of
commands on infected systems.
Attacks on Microsoft's Office software have been on the rise for months
now, Marc Maiffret, chief technology officer with security vendor eEye
Digital Security Inc., said earlier this month. Office vulnerabilities
were once released "on a monthly basis," he said.
"Now we're at the point where it's almost daily."
Subscribe to InfoSec News