PowerPoint 0-Day Points to Corporate Espionage

Rakesgate writes "A second Trojan used in the latest zero-day attack against Microsoft Office contains characteristics that pinpoint corporate espionage as the main motive, according to virus hunters tracking the threat. This eWeek story walks through the attack, which uses a tainted 18-slide PowerPoint file, a Trojan dropper, 2 Trojans and a server in China that is used to communicate with compromised machines." From the article: "'Once this type of attack is out, it's very unusual for it to be limited to just one company. I think it's safe to assume that it's ongoing, especially since there is no patch for this vulnerability,' Huger added. Microsoft plans to issue a patch on August 8 for users of Microsoft PowerPoint 2000, Microsoft PowerPoint 2002 and Microsoft PowerPoint 2003. In the meantime, anti-virus experts are urging Microsoft Office users to be on the lookout for suspicious attachments, even those that appear to come from colleagues internally."

Supsicious Files

[neonprimetime]

In the meantime, anti-virus experts are urging Microsoft Office users to be on the lookout for suspicious attachments, even those that appear to come from colleagues internally

But what if you receive a Power Point presentation from your manager called "ReadThisOrYourFired.ppt"? It looks suspicious, but oh the dilema.

Re:Supsicious Files

[WhiteWolf666]

Simple. You're really not thinking like a PHB. Stop thinking like an engineer, and start thinking like a moron!

You receive said PowerPoint. You immediately set out to install a special PowerPoint Viewing Cart, complete with portable generator, portable PC, portable projector, and portable screenbooth (think 4 Chinese folding wall screens with a roof). Even though you've created a special system to "isolate" your PowerPoints, you make sure it's got full network access via 802.11, with RW support on all shares, globally.

If you can't build this setup by stealing the parts from a coworker's desk or the conference room, order them all. Better yet, setup an auction website where suppliers can bid on the various parts of your setup. You, of course, send money before you receive product; after all, you've gotten the lowest cost option, so you can risk the capital.

Then, watch said PowerPoint on the PowerPoint Viewing Cart. Proceed to tell boss that you thought this high priority PowerPoint was, indeed, from him, and that since it blew away the PowerPoint Viewing Cart, you now need to spend the rest of the week repairing it. If he asks you why you are repairing it, make sure to make it clear that you want him to be able to view the high priority PowerPoint he had just received, "ReadThisNowOrYourStockOptionsWillExpire.ppt" . Explain to him the virtues of private viewing environment, portable generator, and dolby surround sound.

Voila! Much like any MSCE, you've turned a Microsoft Product into a never ending source of contract work, all without quitting your day job.

Re:Suspicious Files

[Mr.+Bad+Example]

> But what if you receive a Power Point presentation from your
> manager called "ReadThisOrYourFired.ppt"?

I'd quit. I refuse to work for anyone who can't tell the difference between a possessive pronoun and a contraction.

Sweet Excuse!

[bigtimepie]

lookout for suspicious attachments, even those that appear to come from colleagues internally

Sorry, Boss, I never got those reports... the IT guy told me I shouldn't open attachments until the new MS patch is out!

Re:Suspicious Files

[gEvil+(beta)]

I'd quit because I refuse to work for anyone who uses PowerPoint as a primary form of communication.

Re:Chinese Firewalls

[MarkByers]

Why can't the Chinese set up thier firewalls block this kind sh*t?

That's a ridiculous suggestion. It's not the job of the Chinese government to monitor all traffic going in and out of China.

Oh wait..