After a blackhat SEO attack, cybercriminals are again using the terrifying catastrophe of Air France Flight 447, or news about China-made C919 jumbo jets competing with Airbus and Boeing, for malicious purposes. This time, spam messages are sent with an attached PowerPoint presentation that is specially crafted to exploit a vulnerability in Microsoft PowerPoint.
The spammed emails suggest that the attached PowerPoint presentation contains images related to both the China-made jumbo jets and Air France Flight 447, in order to lure the user into opening the specially crafted file.
The reported circulation of photographs showing the cabin of Air France Flight 447 has been confirmed as a hoax, while the China-made C919 jumbo jets have not been completed yet; they were announced as rolling off the production lines in eight years.
The specially crafted .PPT file is detected by Trend Micro as TROJ_APPTOM.C. It exploits a vulnerability in Microsoft PowerPoint that allows remote code execution. Upon successful exploitation, it drops TROJ_INJECT.AIO, which in turn opens a hidden Internet Explorer window and connects to a certain URL to download additional malicious files.
Users are strongly advised to apply the patch provided by Microsoft to avoid being victimized by this threat. The Smart Protection Network provides protection from this threat by blocking the spam messages and detecting malicious files.