Print this article | E-mail this article | Comment on this article

Zero-Day PowerPoint Exploit Surfaces

By Nate Mook, BetaNews

July 13, 2006, 4:26 PM

Symantec on Wednesday issued an advisory about a new trojan that takes advantage of an undocumented vulnerability in PowerPoint to infect a victim's computer with a backdoor. The malware, dubbed Trojan.PPDropper.B, uses a malformed string to execute code and modify EXPLORER.EXE.

While Symantec only gives PPDropper.B a risk level of "Very Low," Sunbelt Software CEO Alex Eckelberry notes that the attack looks more intended for corporate espionage than causing widespread damage. The trojan is currently being spread via e-mail, with a subject containing Chinese characters.

Add a Comment (14 Comments)

BetaNews reserves the right to remove any comment at any time for any reason. Please keep your responses appropriate and on topic. Foul language and personal attacks will not be tolerated.

By Spyderloco

posted Jul 14, 2006 - 8:53 PM

I got a fever...and the only thing that's gonna cure it is.....

.....more cowbell!

Score: 0

By mjm01010101

posted Jul 14, 2006 - 2:37 PM

This is now approaching critical mass. Unlike the previous zero days, there are few workarounds other than blocking them at the gateway.

Score: 0

By xyzcb1

posted Jul 13, 2006 - 11:42 PM

i don't know much people use PPT except in the corporate world. Most of the time, they create their out presentation and pass around with their own small team. And again, this require user to open the file from stranger

Score: 0

By Spyderloco

posted Jul 13, 2006 - 9:32 PM

Blah blah blah.

More holes in software.

Blah blah blah.

It will never stop so get over it.

Score: 0

By wincement

posted Jul 14, 2006 - 10:50 AM

If you're trying to get your account terminated, I'd say you're well on your way. Keep up the good work!

Score: 0

By Spyderloco

posted Jul 14, 2006 - 6:38 PM

If you're trying to look like a knownothing idiot, I'd say you're well on your way. Keep up the good work!

Score: 0

By crashoverride

posted Jul 17, 2006 - 12:45 AM

Normally I don't agree with wincement on very much but this time I have to agree. You need to use that brain between you ears for something besides holding up your hair.

Score: 0

By GCoder

posted Jul 13, 2006 - 5:29 PM

Swiss Cheese will always have holes no matter how much you try and patch it.

Score: 0

By mjm01010101

posted Jul 13, 2006 - 5:55 PM

What if I just eat it?

mmmmm swiss.
mmmmm cheese.

Score: 0

By Grazer

posted Jul 14, 2006 - 12:42 PM

Then GCoder will hunt you down and destroy you. "Swiss Cheese" is their motto.

I sometimes wonder if they keep a single post in a text file somewhere and just paste it in whenever one of these stories pops up.

Score: 0

By wincement

posted Jul 14, 2006 - 1:33 PM

Actually, most companies do have a template of some sort for handling outages, technical problems, etc.

Score: 0

By Grazer

posted Jul 14, 2006 - 2:33 PM

Huh? By "they", I meant GCoder, I prefer "they" over "(s)he".

Score: 0

By wincement

edited Jul 14, 2006 - 2:44 PM

oh lol...

I thought it was sort of a random change of subject. Sorry. =p

Score: 0

By The MAZZTer

posted Jul 13, 2006 - 4:54 PM

Hmm... pretty stealthy of it... once it infects the computer it replaces the bad PPT file with a good one so that it opens and the user is none the wiser...

Score: 0

Oct 13 - 5:16 PM ET Everyone talk at once: .NET 4.0 will include Parallel Extensions

Oct 13 - 5:15 PM ET MySpace opens its user-created advertisement platform

Oct 13 - 5:11 PM ET FCC report opens the door for white spaces devices

Oct 13 - 1:03 PM ET Final Silverlight 2.0 to ship tomorrow

Oct 13 - 11:57 AM ET CBS goes after Hulu by aligning with YouTube

Oct 13 - 11:25 AM ET Microsoft finds published exploit of Vista privilege elevation hole

Oct 11 - 11:16 AM ET Things left unsaid, in a recent interview with Sony's CEO

Oct 11 - 11:03 AM ET EU regulations block Italian ISPs from blocking Pirate Bay

Oct 11 - 10:55 AM ET Making it to Apple's App Store by staying out of court

Oct 10 - 7:43 PM ET Wal-Mart changes its mind, leaves existing DRM servers up