PowerPoint Zero-Day Attack Points to Corporate Espionage

A second Trojan used in the latest zero-day attack against Microsoft Office contains characteristics that pinpoint corporate espionage as the main motive, according to virus hunters tracking the threat.

According to an alert from Symantec, a backdoor called Trojan.Riler.F installs itself as a layered service provider, or LSP, which lets it see every piece of network data entering and leaving the infected computer.

An LSP is a legitimate Windows networking component: a Winsock DLL that the operating system loads into every application that opens a network socket, sitting between the program and the underlying TCP/IP provider. The mechanism exists so that software can add functions such as filtering or quality of service to network connections, but virus writers have found that a malicious DLL registered as an LSP can read and alter sensitive data in transit without the application ever noticing.
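As an added example, not code from the article or from any of the vendors it quotes, the Python script below audits the Winsock catalog for layered providers whose DLL is not on an allowlist of Microsoft's own LSPs, which is the check a responder would run on a machine suspected of carrying an LSP backdoor. It parses the text printed by `netsh winsock show catalog` on Windows XP and Server 2003. The catalog dump embedded in the script is constructed for the example, and its second provider ("Network Helper", `nethlp32.dll`) is a hypothetical name planted so the audit has something to find; it is not an identifier from the page. The allowlist is likewise an assumption to be rebuilt from a known-good host.

```python
"""Audit the Winsock catalog for non-Microsoft Layered Service Providers (LSPs)."""
import re
import subprocess
import sys
from typing import Dict, List

# Constructed sample of `netsh winsock show catalog` output (Windows XP / 2003
# text format), trimmed to the fields the audit needs. The "Network Helper"
# provider and nethlp32.dll are hypothetical, planted here to give the audit
# something to find; they are not identifiers from the article.
SAMPLE_CATALOG = """\
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider ID:                        {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Provider Path:                      %SystemRoot%\\system32\\mswsock.dll
Catalog Entry ID:                   1001
Protocol Chain Length:              1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Service Provider
Description:                        Network Helper
Provider ID:                        {11111111-2222-3333-4444-555555555555}
Provider Path:                      C:\\WINDOWS\\system32\\nethlp32.dll
Catalog Entry ID:                   1027
Protocol Chain Length:              0

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        Network Helper over [MSAFD Tcpip [TCP/IP]]
Provider ID:                        {11111111-2222-3333-4444-555555555555}
Provider Path:                      C:\\WINDOWS\\system32\\nethlp32.dll
Catalog Entry ID:                   1028
Protocol Chain Length:              2
"""

# DLLs Microsoft itself registers as layered providers on a clean XP install.
# This allowlist is an assumption for the example: build yours from a
# known-good machine of the same build, never from the suspect host.
KNOWN_GOOD_LSP_DLLS = {"mswsock.dll", "rsvpsp.dll"}

# "Field name:   value" lines; the lazy key stops at the first colon, so
# values such as C:\WINDOWS\... are not split in the wrong place.
FIELD = re.compile(r"^([A-Za-z][A-Za-z ]*?):\s+(.*?)\s*$")


def parse_catalog(text: str) -> List[Dict[str, str]]:
    """Split the netsh dump into one dict of field/value pairs per catalog entry."""
    entries: List[Dict[str, str]] = []
    current = None
    for line in text.splitlines():
        if line.startswith("Winsock Catalog Provider Entry"):
            current = {}
            entries.append(current)
            continue
        m = FIELD.match(line) if current is not None else None
        if m:
            current[m.group(1).strip()] = m.group(2)
    return entries


def dll_name(path: str) -> str:
    """Case-folded basename of a provider path; %SystemRoot% needs no expansion."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_suspicious_lsps(entries: List[Dict[str, str]], allowlist=KNOWN_GOOD_LSP_DLLS):
    """Return one finding per layered-provider DLL that is not on the allowlist.

    The 'Layered Service Provider' entry and every 'Layered Chain Entry' that
    routes traffic through it share the same DLL, so findings are keyed by DLL
    and collect all catalog IDs; those IDs are what
    `netsh winsock remove provider <id>` takes if you unhook it by hand.
    """
    findings: Dict[str, Dict] = {}
    for e in entries:
        if "Layered" not in e.get("Entry Type", ""):
            continue
        dll = dll_name(e.get("Provider Path", ""))
        if dll in allowlist:
            continue
        f = findings.setdefault(dll, {"dll": dll,
                                      "path": e.get("Provider Path", ""),
                                      "description": e.get("Description", ""),
                                      "catalog_ids": []})
        f["catalog_ids"].append(e.get("Catalog Entry ID", "?"))
    return list(findings.values())


def main(argv: List[str]) -> None:
    if "--live" in argv:  # only meaningful on a Windows host
        text = subprocess.run(["netsh", "winsock", "show", "catalog"],
                              capture_output=True, text=True, check=True).stdout
    else:
        text = SAMPLE_CATALOG
    for f in find_suspicious_lsps(parse_catalog(text)):
        print(f"suspicious LSP: {f['path']} ({f['description']}) "
              f"catalog IDs {', '.join(f['catalog_ids'])}")


if __name__ == "__main__":
    main(sys.argv[1:])
```

Run it with `--live` on the suspect machine to read the real catalog. A hit is a lead, not a verdict: confirm the DLL's origin and hashes before acting, and if the provider is malicious, `netsh winsock reset` (Windows XP SP2 and later) rebuilds the catalog from the system defaults after the DLL itself has been removed, which is safer than deleting the DLL alone, since a dangling LSP entry can break networking for every application.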

Symantec, of Cupertino, Calif., said the Trojan also opens a back door on the compromised system and connects to the “soswxyz.8800.org” domain, then listens for commands from a remote attacker.

Alfred Huger, senior director of engineering at Symantec, said the malicious PowerPoint file infects the machine with a piece of malware called Trojan.PPDropper.C, which in turn drops two separate backdoors that give the attacker unauthorized access to the compromised computer.

The first Trojan, called Backdoor.Bifrose.E, logs keystrokes, hijacks sensitive system data and transmits the information back to a remote server hosted in China.

F-Secure, an anti-virus vendor with headquarters in Finland, said the Bifrose backdoor file is an uncompressed PE executable that is encrypted with a simple algorithm. The backdoor is programmed to connect to “pukumalon.8800.org”; 8800.org is a free dynamic DNS service in China, which lets the attacker point the hostname at whatever server is currently in use.

The 8800.org domain, like other similar hosting services, has been used in several zero-day attacks this year, according to F-Secure researcher Mikko Hypponen.

The F-Secure anti-virus team found backdoors connecting to China-hosted domains in March 2005, September 2005, March 2006, April 2006, May 2006 and July 2006.

“If you’re not in China and your users are not supposed to access different Chinese services, blocking might not break too many things,” Hypponen said.
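As an added example that is not part of the article or of F-Secure's advice, the Python below applies that blocking idea to a DNS query log: it flags every lookup under a blocked dynamic-DNS zone rather than just the two hostnames reported, since the attacker chooses the subdomain and can change it at will. The 8800.org zone comes from the article; the log lines are constructed for the example, and the client addresses and timestamps in them are invented.

```python
"""Flag DNS-query log lines whose queried name falls under a blocked dynamic-DNS zone."""
from typing import Iterable, List, Set, Tuple

# 8800.org is the zone named in the article; the rest of the set is for you to
# fill from your own proxy or DNS logs. Block on the zone, not on the two
# reported hostnames, because the attacker picks the subdomain.
BLOCKED_ZONES: Set[str] = {"8800.org"}


def in_blocked_zone(host: str, zones: Iterable[str] = BLOCKED_ZONES) -> bool:
    """True if host equals a blocked zone or is a subdomain of one.

    Matching on the label boundary matters: a naive endswith("8800.org")
    would also hit an unrelated name such as notmy8800.org.
    """
    host = host.lower().rstrip(".")  # tolerate a trailing root dot
    for zone in zones:
        zone = zone.lower().rstrip(".")
        if host == zone or host.endswith("." + zone):
            return True
    return False


# Constructed DNS-query log lines: date, time, client, query type, name.
SAMPLE_LOG = [
    "2006-07-14 09:12:03 10.1.4.22 A soswxyz.8800.org",
    "2006-07-14 09:12:05 10.1.4.22 A pukumalon.8800.org",
    "2006-07-14 09:12:07 10.1.4.31 A www.example.com",
    "2006-07-14 09:12:09 10.1.4.40 A notmy8800.org",
    "2006-07-14 09:12:11 10.1.4.40 A 8800.org.",
]


def flag_queries(lines: Iterable[str],
                 zones: Iterable[str] = BLOCKED_ZONES) -> List[Tuple[str, str]]:
    """Return (client, queried name) for each line that hits a blocked zone."""
    hits: List[Tuple[str, str]] = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed line: skip it rather than abort the sweep
        client, name = fields[2], fields[4]
        if in_blocked_zone(name, zones):
            hits.append((client, name))
    return hits


if __name__ == "__main__":
    for client, name in flag_queries(SAMPLE_LOG):
        print(f"{client} looked up {name}")
```

The same suffix test works as the match rule for a resolver or proxy block list; the detection side is still worth keeping even after the zone is blocked, because a host that keeps trying to resolve names under it is a host that still has the backdoor installed.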

Read the full story on eWEEK.com: PowerPoint Zero-Day Attack Points to Corporate Espionage

Ryan Naraine
