PowerPoint 0-Day Points to Corporate Espionage
Rakesgate writes "A second Trojan used in the latest zero-day attack against Microsoft Office contains characteristics that pinpoint corporate espionage as the main motive, according to virus hunters tracking the threat. This eWeek story walks through the attack, which uses a tainted 18-slide PowerPoint file, a Trojan dropper, 2 Trojans and a server in China that is used to communicate with compromised machines." From the article: "'Once this type of attack is out, it's very unusual for it to be limited to just one company. I think it's safe to assume that it's ongoing, especially since there is no patch for this vulnerability,' Huger added. Microsoft plans to issue a patch on August 8 for users of Microsoft PowerPoint 2000, Microsoft PowerPoint 2002 and Microsoft PowerPoint 2003. In the meantime, anti-virus experts are urging Microsoft Office users to be on the lookout for suspicious attachments, even those that appear to come from colleagues internally."
Corporate espionage can include things like customer and vendor lists, and product pricing details. And many companies are quite secretive about their leading-edge R&D.
So do you think that OpenOffice has similar flaws waiting to be exploited? Does that program provide true security or security through obscurity?
Information wants a fueled airplane waiting at the hangar and no one gets hurt.
Open it in OpenOffice.org Impress.
This is an example of why it's risky to use file formats that are only supported properly by a single application.
OpenOffice's code is a nightmare. That's why they still haven't released an x86-64 port.
Probably more important is not to run it on top of an OS that blindly gives it access to kernel-level network service code.
It's a 0 day exploit as long as there is no fix. If there is a fix that was released 3 days ago, it's a 3 day exploit. The time period is supposed to indicate how much time people have had to update and patch the broken software.