Computer Crime Research Center


New trojan virus

Date: August 23, 2006

A new PowerPoint zero-day Trojan is making the rounds. The vulnerability appears to be a new one and is unrelated to the one fixed in MS06-048 that has already been the subject of a series of attacks.

Although details are sketchy at present, according to Trend Micro, it appears the Trojan is borne by a specially crafted .PPT file that arrives on a system either downloaded from the Internet or dropped by other malware and attempts to exploit vulnerability in PowerPoint.

The dropper file that has been designated TROJ_MDROPPER.BH then drops a randomly named .exe file dubbed TROJ_SMALL.CMZ in the Windows

Temporary folder. When the file executes it allows an attacker to take complete control of an affected system and run arbitrary code.

The Trojan attempts to download all manner of malware from hacker websites and will probably recruit the machine into a botnet. Although the origin of the Trojan is not known, one of the hacker websites traced is apparently located in Taiwan.

According to reports, Microsoft PowerPoint installations used in Windows 95, Windows 98, Windows Me, Windows NT, Windows 2000, Windows XP and Windows 2003 Server systems are reportedly affected. All versions of PowerPoint are said to be affected.
Original article

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo