We discovered a malicious MS PowerPoint document that arrives via an attached file attached to specific email messages. The file contains an embedded Flash file, which exploits a software bug found in specific versions of Flash Player (CVE-2011-0611) to drop a backdoor onto users’ systems.
Trend Micro detects the malicious PowerPoint file as TROJ_PPDROP.EVL and the dropped backdoor file as BKDR_SIMBOT.EVL. Reports, as well as our own analysis, confirmed that this kind of malware has been used for targeted attacks in the past.
Reliable Vulnerabilities: Effective Infection Gateways
This case also shows that cybercriminals are continuously taking advantage of previously reported vulnerabilities in popular software such as MS Office applications, Flash etc. In a previous blog entry, we uncovered that old and reported software bugs such as CVE-2010-3333 and CVE-2012-0158 are still being exploited by attackers. This finding highlights two things. First, exploits created for reliable vulnerabilities remain effective cybercriminal tools. Second, most users do not regularly update their systems’ with the latest security patch, which explains why attackers are continuously exploiting these bugs.
Trend Micro protects users from this threat via Smart Network ProtectionT, which blocks the related email and URLs and detects TROJ_PPDROP.EVL and BKDR_SIMBOT.EVL. In this new era where simple documents can lead to information theft, users should be extra cautious before downloading files from email messages, especially those from unknown senders. Users should also regularly keep their systems updated with the latest security patch.
Leave a reply