Archive for June 17th, 2009


Jun17
by Adrian Labiano (Anti-spam Research Engineer)

After a blackhat SEO attack, cybercriminals are again exploiting the Air France Flight 447 catastrophe and the news about China-made C919 jumbo jets competing with Airbus and Boeing for malicious purposes. This time, spam messages are sent with an attached PowerPoint presentation that is specially crafted to exploit a vulnerability in Microsoft PowerPoint.

The spammed emails suggest that there are images in the attached PowerPoint presentation related to both the China-made jumbo jets and the Air France Flight 447, in order to lure the user into opening the specially crafted file.


The reported circulation of photographs showing the cabin of Air France Flight 447 has been confirmed as a hoax, while the China-made C919 jumbo jets have not been completed yet; they are announced to roll off the production lines in eight years.

The specially crafted .PPT file is detected by Trend Micro as TROJ_APPTOM.C. It exploits a vulnerability in Microsoft PowerPoint that allows remote code execution. Upon successful exploitation, it drops TROJ_INJECT.AIO, which in turn opens a hidden Internet Explorer window and connects to a certain URL to download additional malicious files.

Users are strongly advised to apply the patch provided by Microsoft to avoid being victimized by this threat. The Smart Protection Network provides protection from this threat by blocking the spam messages and detecting malicious files.


Jun17
by Jonathan Leopando (Technical Communications)

URL redirection services like TinyURL have grown from almost nothing in recent years, due largely to the success of Twitter and its 140-character limit. For most users they are a welcome convenience as they compose tweets, status messages, and other space-limited posts throughout the day.

Unfortunately, cybercriminals have used such services as part of various schemes before. Earlier this week, in fact, it’s safe to say the Internet dodged a big bullet.

The database of Cligs, the #4 URL redirection service used on Twitter, was compromised sometime on Sunday night/Monday morning. According to the official Cligs blog, approximately 2.2 million redirects were edited to point to a post about Twitter hash tags on a blog maintained by the Orange County Register. It is unclear who did it and why, although it may well have been done simply because it could be done.

While the attack caused little long-term damage, it could have been indescribably worse. Had it happened to a bigger redirection service like Bitly or TinyURL, the number of affected users would have been far greater. In addition, the links did not go anywhere malicious. It would have been just as easy for the links to go to malware – and it would not have been very hard to do so in a way that would be invisible to most users.

This could have been a far bigger problem, but thankfully it wasn’t. What it is, however, is a warning about the dangers of URL redirection. There’s not much consumers can do on their own, but providers should double-check their own security measures.
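As an added illustration (not code from the original post or from Cligs), here is one check a redirection provider could run over its own redirect edit log: flag any destination that a burst of short codes is rewritten to within a short window, which is what a wholesale edit like the one described above would look like. The tab-separated log format, the sample entries, and the window and threshold values are all assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit log of redirect edits: short code, new destination, edit time.
# Three legitimate edits point a few codes at one popular article over several days;
# five codes are rewritten to the same page within seconds, the pattern of a bulk edit.
SAMPLE_LOG = """\
a1\thttp://example.org/article/1\t2009-06-13 09:00:00
b2\thttp://example.org/article/2\t2009-06-13 15:30:00
c3\thttp://example.org/popular\t2009-06-12 10:00:00
d4\thttp://example.org/popular\t2009-06-13 10:00:00
e5\thttp://example.org/popular\t2009-06-14 10:00:00
f6\thttp://blog.example.net/hashtags\t2009-06-15 01:00:00
g7\thttp://blog.example.net/hashtags\t2009-06-15 01:00:01
h8\thttp://blog.example.net/hashtags\t2009-06-15 01:00:02
i9\thttp://blog.example.net/hashtags\t2009-06-15 01:00:03
j0\thttp://blog.example.net/hashtags\t2009-06-15 01:00:04
""".splitlines()


def parse_edits(lines):
    """Parse 'code<TAB>destination<TAB>YYYY-MM-DD HH:MM:SS' lines into tuples."""
    edits = []
    for line in lines:
        code, target, ts = line.rstrip("\n").split("\t")
        edits.append((code, target, datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")))
    return edits


def mass_rewrite_targets(edits, window=timedelta(hours=1), threshold=3):
    """Return {destination: peak edits} for every destination that at least
    `threshold` short codes were rewritten to inside one sliding `window`."""
    by_target = defaultdict(list)
    for _code, target, ts in edits:
        by_target[target].append(ts)
    flagged = {}
    for target, times in by_target.items():
        times.sort()
        start, peak = 0, 0
        for end, ts in enumerate(times):
            while ts - times[start] > window:  # slide the window's left edge
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[target] = peak
    return flagged


def scan(lines=SAMPLE_LOG):
    """Run the check over a log; the sample flags only the hashtags page."""
    return mass_rewrite_targets(parse_edits(lines))
```

A destination that accumulates edits slowly (the "popular" article above) is not flagged, so the threshold and window need tuning to the provider's normal edit rate.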



© Copyright 2009 Trend Micro Inc. All rights reserved. Legal Notice