Free Republic

Poisoned PowerPoint attacks users ~ Another danger from Malware.....
BBC ^ | Thursday, 20 July 2006, 07:30 GMT 08:30 UK | BBC Staff

Posted on 07/20/2006 11:44:22 AM PDT by Ernest_at_the_Beach

Poisoned PowerPoint attacks users

Microsoft is warning Windows users about a virus that takes over PCs via the popular PowerPoint program.

Attached to the virus is a poisoned presentation that, if opened, installs keylogging software on a computer.

Users are being told to take care because it could be weeks before Microsoft produces a patch that protects against the security loophole.

So far relatively few people are thought to have been caught out by the booby-trapped presentation.

Nasty bug

The bug that the malicious hackers behind the virus have exploited has been found in PowerPoint 2000, 2002 and 2003.

Security experts said the virus was aimed at companies in Asia because Chinese characters are used in the subject line of the e-mail the booby-trapped files are attached to and in the name of the poisoned PowerPoint presentation.

The presentation purports to be 18 humorous slides about love between men and women.

The PowerPoint presentation is attached to an e-mail that arrives from a Google GMail address.

Anyone opening the PowerPoint file will trigger the virus that installs a keylogger that records everything typed on an infected machine. It also opens up a backdoor into that machine that the creators of the virus are likely to exploit to gather the recorded keystrokes or to install other malicious programs.


Once a machine has been compromised the virus installs a blank version of the poisoned presentation to hide evidence that a computer has been taken over.

In an advisory about the exploit Microsoft said "limited" attacks were taking place using the bug and added: "In order for this attack to be carried out, a user must first open a malicious PowerPoint document attached to an e-mail or otherwise provided to them by an attacker."

The bug is known as a "zero-day" attack because it was exploited so soon after being discovered.

To protect themselves against hackers exploiting the bug, Microsoft warned users not to open or save PowerPoint files that turn up unexpectedly - even if they are from trusted sources.

PowerPoint has become widely used in businesses for presentations.

The virus bearing the booby-trapped PowerPoint files started circulating a day after Microsoft issued a series of software patches as part of its regular security updates. Typically these updates are issued on the second Tuesday of every month.

Security firms said the timing was deliberate as it gave the virus the longest chance to rack up victims before Microsoft gets round to closing the loophole.

Microsoft said it was on target to release a patch to protect against the exploit on 8 August.




TOPICS: Crime/Corruption; Extended News; News/Current Events; Technical
KEYWORDS: malware; sellmsft; spyware; windows

1 posted on 07/20/2006 11:44:24 AM PDT by Ernest_at_the_Beach

To: Ernest_at_the_Beach

Don't. Open. Attachments.


2 posted on 07/20/2006 11:46:38 AM PDT by Lunatic Fringe (Man Law: You Poke It, You Own It)

To: ShadowAce
From ZDNET:

New PowerPoint hole used in cyberattacks

*************************************************************

Joris Evers, Special to ZDNet
July 14, 2006
URL: http://www.zdnet.com.au/news/security/soa/New_PowerPoint_hole_used_in_cyberattacks/0,2000061744,39263429,00.htm


Just one day after Microsoft's monthly patch was delivered, a new security hole in Microsoft Office was being exploited in cyberattacks.

These attacks take advantage of a previously unknown vulnerability in PowerPoint for which no patch is available, security experts at Symantec said in an alert issued on Wednesday. The flaw might affect Microsoft Office in general, according to the alert.

Microsoft is investigating the issue, it said in an e-mailed statement on Thursday. The company is aware of attacks that exploit the flaw, but those are "extremely limited, targeted attacks," it said. For an attack to be successful, users must open a malicious PowerPoint file provided to them, for example via e-mail, Microsoft noted.

It seems like history is repeating itself. Days after last month's "Patch Tuesday," security experts raised the alarm on a "zero-day" flaw in Microsoft's Excel that was being used in targeted attacks. Microsoft released a fix for the Excel vulnerability last Tuesday.

Like the Excel flaw, the PowerPoint vulnerability can allow an attacker to gain complete control over a vulnerable PC, Symantec said. "When a user launches the (malicious) PowerPoint document, the vulnerability is triggered. Successful exploitation of this issue leads to remote code execution," Symantec said in its alert.

On Tuesday, Microsoft released seven security bulletins with fixes for 18 vulnerabilities in several of its products, including many in Office. Some security experts believe the timing of an attack right after a monthly patch day is no coincidence. Microsoft typically does not release fixes outside of its monthly patching cycle for such flaws.

"It looks like the bad guys are waiting for the Microsoft patch days in order to use some more vulnerabilities in Office," said Andreas Marx, an antivirus software specialist at the University of Magdeburg in Germany. "They will now have at least one more month for their attacks."

Microsoft said it will take action to protect customers upon completion of its investigation into the new flaw. This may include issuing a security advisory or providing a security update through its monthly release process, the company said.

Meanwhile, the software giant left two already known security vulnerabilities unfixed on Tuesday. One of the flaws lies in a Windows component called "hlink.dll" and could be exploited by crafting a malicious Excel file. Another affects Japanese, Korean or Chinese language versions of Excel. Both flaws could completely compromise a PC if a targeted user opens a malicious file.

Although Microsoft was aware of the two vulnerabilities prior to the July security bulletin release, both issues were reported too late in the engineering process for the company to include security updates with the July release, a Microsoft spokesman said.

Proof of concept code that exploits both flaws has been released publicly for both of these flaws, but there are no reports of active attacks, Microsoft said.

"So we have two old unpatched holes and one new one," Marx said. "We're up to three troublemakers now. Excel and PowerPoint can be quite dangerous, at least until the next patch day."

3 posted on 07/20/2006 11:47:12 AM PDT by Ernest_at_the_Beach (History is soon Forgotten,)

To: Ernest_at_the_Beach

Bookmarked


4 posted on 07/20/2006 11:48:46 AM PDT by stylin_geek (Liberalism: comparable to a chicken with its head cut off, but with more spastic motions)

To: Lunatic Fringe

But it is an interesting topic....must send to my daughter who loves Powerpoint.......


5 posted on 07/20/2006 11:49:15 AM PDT by Ernest_at_the_Beach (History is soon Forgotten,)

To: SittinYonder
Remind people to not open attachments on the computers. Even if they know, remind them. From the story:

The PowerPoint presentation is attached to an e-mail that arrives from a Google GMail address.

6 posted on 07/20/2006 11:49:55 AM PDT by eyespysomething (How do I set a laser printer to stun?)

To: Ernest_at_the_Beach
MSFT patch might do much good since the idiots at Microsoft infected my PC with a pop-up message that my Windows "may be counterfeit" and they will not permit security downloads.

This notwithstanding the fact that my Windows has run for YEARS without any problem. It came loaded on the computer from a well known, and certainly reputable, national chain store AND I have all the original documentation under which I registered it years ago.

Microsoft - idiots.
7 posted on 07/20/2006 11:50:09 AM PDT by BenLurkin ("The entire remedy is with the people." - W. H. Harrison)

To: rdb3; chance33_98; Calvinist_Dark_Lord; Bush2000; PenguinWry; GodGunsandGuts; CyberCowboy777; ...

8 posted on 07/20/2006 11:50:23 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)

To: Ernest_at_the_Beach

Does OpenOffice have this problem?

Thought I'd ask....


9 posted on 07/20/2006 11:54:49 AM PDT by TWohlford

To: BenLurkin


Are you dialup?

If on broadband...

Do you have a firewall?


10 posted on 07/20/2006 11:56:33 AM PDT by Ernest_at_the_Beach (History is soon Forgotten,)

To: Ernest_at_the_Beach

-ccm

11 posted on 07/20/2006 11:57:58 AM PDT by ccmay (Too much Law; not enough Order)

To: Ernest_at_the_Beach

Please take a look at your FReepMail.


12 posted on 07/20/2006 11:59:41 AM PDT by BenLurkin ("The entire remedy is with the people." - W. H. Harrison)

To: TWohlford; BenLurkin
From the ZDNet article:

*******************************

Just one day after Microsoft's monthly patch was delivered, a new security hole in Microsoft Office was being exploited in cyberattacks.

These attacks take advantage of a previously unknown vulnerability in PowerPoint for which no patch is available, security experts at Symantec said in an alert issued on Wednesday. The flaw might affect Microsoft Office in general, according to the alert.

Microsoft is investigating the issue, it said in an e-mailed statement on Thursday. The company is aware of attacks that exploit the flaw, but those are "extremely limited, targeted attacks," it said. For an attack to be successful, users must open a malicious PowerPoint file provided to them, for example via e-mail, Microsoft noted.

It seems like history is repeating itself. Days after last month's "Patch Tuesday," security experts raised the alarm on a "zero-day" flaw in Microsoft's Excel that was being used in targeted attacks. Microsoft released a fix for the Excel vulnerability last Tuesday.

Like the Excel flaw, the PowerPoint vulnerability can allow an attacker to gain complete control over a vulnerable PC, Symantec said. "When a user launches the (malicious) PowerPoint document, the vulnerability is triggered. Successful exploitation of this issue leads to remote code execution," Symantec said in its alert.

On Tuesday, Microsoft released seven security bulletins with fixes for 18 vulnerabilities in several of its products, including many in Office. Some security experts believe the timing of an attack right after a monthly patch day is no coincidence. Microsoft typically does not release fixes outside of its monthly patching cycle for such flaws.

"It looks like the bad guys are waiting for the Microsoft patch days in order to use some more vulnerabilities in Office," said Andreas Marx, an antivirus software specialist at the University of Magdeburg in Germany. "They will now have at least one more month for their attacks."

Microsoft said it will take action to protect customers upon completion of its investigation into the new flaw. This may include issuing a security advisory or providing a security update through its monthly release process, the company said.

Meanwhile, the software giant left two already known security vulnerabilities unfixed on Tuesday. One of the flaws lies in a Windows component called "hlink.dll" and could be exploited by crafting a malicious Excel file. Another affects Japanese, Korean or Chinese language versions of Excel. Both flaws could completely compromise a PC if a targeted user opens a malicious file.

Although Microsoft was aware of the two vulnerabilities prior to the July security bulletin release, both issues were reported too late in the engineering process for the company to include security updates with the July release, a Microsoft spokesman said.

Proof of concept code that exploits both flaws has been released publicly for both of these flaws, but there are no reports of active attacks, Microsoft said.

"So we have two old unpatched holes and one new one," Marx said. "We're up to three troublemakers now. Excel and PowerPoint can be quite dangerous, at least until the next patch day."

13 posted on 07/20/2006 11:59:46 AM PDT by Ernest_at_the_Beach (History is soon Forgotten,)

To: BenLurkin
That'd be the new "Genuine Advantage" thing that's not only incorrectly titled but fantastically annoying. There's a Microsoft website that can correct that situation, which hit me in the middle of a laptop rebuild on a perfectly valid license. I was...not pleased...

I'll see if I can dig up the URL for ya...

14 posted on 07/20/2006 12:01:59 PM PDT by Billthedrill

To: Billthedrill

Thanks. Would appreciate any help.


15 posted on 07/20/2006 12:04:22 PM PDT by BenLurkin ("The entire remedy is with the people." - W. H. Harrison)

To: Ernest_at_the_Beach

You know how the end user license agreement of popular software packages requires you to hold harmless the provider, well....

A recent NJ Supreme Court ruling (Hojnowski v. Vans Skate Park, A-2028-03T5) invalidated a waiver signed by the mother of a boy who was hurt at a skateboard park, finding that the rights of children to seek legal remedies trump parental rights to choose a child's activities.

"To permit waivers of liability would remove a significant incentive for operators of these types of facilities that attract children to take reasonable steps to protect their safety. The overwhelming majority of jurisdictions are in accord with the decision to invalidate such waivers."

If the above were to apply to software, then even though a parent accepted the terms of the end user license, if a minor were using the software and it faulted, then it would be funny to see if the waiver of liability applied equally well to the child's use of the software.


16 posted on 07/20/2006 12:05:44 PM PDT by rit

To: Billthedrill
Here's what the Micro$oft documentation says:

Q: What do I do if I fail the validation test, but am certain that I purchased/have a genuine copy?
A: Contact the reseller that you purchased your PC from. If your reseller is unable to help you, contact your local Microsoft call center. The Microsoft call center agent can help you verify whether the Product Key installed on your PC is genuine. The majority of customers who fail validation purchased their PCs from system builders. The PCs came with a genuine COA, but Windows was installed using an invalid Product Key. For customers who have a legal Product Key from the COA or the backup media that came with the PC, the call center agent can point customers to a Product Key Update tool which customers can use to convert their system to genuine using the legit Product Key they have.

What I did was make the call, give the lady my license key, and receive a redirection via email to a website in which she'd placed whatever information was necessary to fix the dang thing. Mine won't work for you, but give 'em a call. I will say she was most apologetic...but this should never have happened.

17 posted on 07/20/2006 12:12:18 PM PDT by Billthedrill

To: Ernest_at_the_Beach

Microsoft® - Where quality is job 1.4


18 posted on 07/20/2006 12:14:26 PM PDT by tx_eggman (Islamofascism ... bringing you the best of the 7th century for the past 1300 years.)

To: Ernest_at_the_Beach

eek! Keyloggers are the worst!


19 posted on 07/20/2006 12:15:27 PM PDT by KoRn

To: Lunatic Fringe
Don't. Open. Attachments.

I imagine that soon, because of these new threats, email servers will start helpfully purging PowerPoint presentations from email for you. Granted, PP is a scourge, but Why The Heck can a presentation infect your computer?

I recently had issues with one of my programmers trying to send me a javascript file in email that needed to be migrated to our test servers. Either Outlook or Exchange helpfully deleted the offending script, because everyone knows that no one uses email to actually do work (/sarcasm).

Microsoft: how shall we impede your work today? 

20 posted on 07/20/2006 12:16:44 PM PDT by zeugma (I reject your reality and substitute my own in its place.)



Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
