PowerPoint 0-Day Points to Corporate Espionage
Rakesgate writes "A second Trojan used in the latest zero-day attack against Microsoft Office contains characteristics that pinpoint corporate espionage as the main motive, according to virus hunters tracking the threat. This eWeek story walks through the attack, which uses a tainted 18-slide PowerPoint file, a Trojan dropper, 2 Trojans and a server in China that is used to communicate with compromised machines." From the article: "'Once this type of attack is out, it's very unusual for it to be limited to just one company. I think it's safe to assume that it's ongoing, especially since there is no patch for this vulnerability,' Huger added. Microsoft plans to issue a patch on August 8 for users of Microsoft PowerPoint 2000, Microsoft PowerPoint 2002 and Microsoft PowerPoint 2003. In the meantime, anti-virus experts are urging Microsoft Office users to be on the lookout for suspicious attachments, even those that appear to come from colleagues internally."
Is corporate espionage actually valuable? I'm currently working at Adobe, and development plans are pretty widely discussed amongst employees. If something were to leak, I'm not sure what the value of it would be. The only real data points that are heavily protected are financial results and projections, and the product release dates that those rely on. But I'm pretty sure those are only protected for Wall Street purposes.
What kind of data do corporate spies hope to obtain? Would that data be actionable -- e.g., could a company come up with a competing product and be first to market if another company's already halfway there?
[Puts on tin foil hat]
Sometimes I'm suspicious of the Chinese government... well, actually, ALL the time I'm suspicious of the Chinese government. They call it corporate espionage... what if it's just... well... regular espionage by a curious Communist nation?
Of course, this is complete tin foil hat speculation with no good evidence to back it up, but the suspicion still rests in the back of my mind.
Ride the skies
Word, Excel, IE, PowerPoint, OE, Windows itself.
I'm now preparing for the 0-day notepad exploit...
Task Mangler
In a communist country, all business is owned and controlled by the government. So corporate espionage is government spying. (Insert Mother Russia joke here.)
So, put your tin-foil hat back on. It is warranted.
There is no "I disagree" mod for a reason. Flamebait, Troll, and Overrated are not substitutes.
"Symantec's Huger said the sophisticated nature of the attacks suggests it is the work of well-organized criminals associated with industrial espionage."
Fortunately Symantec is coming up with several ways to protect and save us from this nefarious criminal underground. Sorry Symantec, but my suspicion alert level is glowing bright red.
I don't recall the last time my machine was infected by software that another piece of software could actually do something about (e.g. virus, trojan, etc). Mostly it's just spyware and rootkits that I don't even know are there until my machine starts running really slow. In spite of this, I've been running some sort of AV application on every system I own for the last 5+ years (basically since I plugged into an always-on, broadband connection). The other day I began wondering how much power the aggregate compute cycles for my systems have consumed simply loading the AV software and doing whatever scans are necessary. Then I began wondering about this for all machines everywhere. Besides reduced power bills, what benefit could be derived from diverting all those wasted cycles to a task of tangible benefit?
Of course the other side of this argument points to the eradication of polio from a long-term vaccination regimen and resurgence in places where vaccination isn't occurring.
In any case, it tickles some nerve deep in my brain when I realize that the folks that are screaming loudest about computer security are also those who stand to benefit most by hawking their wares.