
    A new zero-day malware exploiting a vulnerability in Microsoft PowerPoint is making the rounds. Specially crafted PowerPoint files, distributed as attachments to spam messages, are used for exploitation, which grants cybercriminals access to the affected user's system.

    The aforementioned files containing the exploit are detected by Trend Micro as TROJ_PPDROP.AB. According to the analysis of Trend Micro Researcher Michael Cortes, upon successful exploitation, TROJ_PPDROP.AB drops the following files in the affected system’s temporary folder:

    TROJ_KUPS.F terminates processes commonly associated with Adobe Reader if they are found on the system. It also deletes certain registry entries, then overwrites the original PowerPoint file with a normal file and executes it, making the user believe that the executed file is non-malicious. It deletes itself after executing its routines.

    BKDR_KUPS.F, on the other hand, checks for an Internet connection on the affected system by attempting to connect to www.download.windowsupdate.com. Once the connection is verified, it connects to a certain IP address to communicate and wait for further commands. It is reportedly capable of executing the following commands:

    • send information such as computer name, IP address and OS version
    • perform a directory search
    • list the contents of the compromised system
    • download an updated copy of itself or another malware
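
The behavior sequence described above (a process running from a temporary folder that contacts www.download.windowsupdate.com and then connects to a bare IP address) can be hunted for in connection logs. The following is an added example, not Trend Micro's code; the log format, host names, file names, IP addresses, temp-folder markers and the 120-second window are constructed assumptions.

```python
import ipaddress
from datetime import datetime, timedelta

CHECK_HOST = "www.download.windowsupdate.com"  # connectivity-check host named in the post
WINDOW = timedelta(seconds=120)                # assumed correlation window
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")         # assumed markers of a temporary folder

# Constructed sample log: ISO time | host | process image | destination | port
SAMPLE_LOG = """\
2014-12-01T09:00:01|WS-014|C:\\Windows\\System32\\svchost.exe|www.download.windowsupdate.com|80
2014-12-01T09:00:05|WS-014|C:\\Windows\\System32\\svchost.exe|198.51.100.20|443
2014-12-01T09:02:10|WS-022|C:\\Users\\a\\AppData\\Local\\Temp\\sample.exe|www.download.windowsupdate.com|80
2014-12-01T09:02:40|WS-022|C:\\Users\\a\\AppData\\Local\\Temp\\sample.exe|203.0.113.7|8080
2014-12-01T09:30:00|WS-031|C:\\Users\\b\\AppData\\Local\\Temp\\setup.exe|www.download.windowsupdate.com|80
2014-12-01T10:30:00|WS-031|C:\\Users\\b\\AppData\\Local\\Temp\\setup.exe|203.0.113.9|80
"""

def is_ip_literal(dest):
    """True when the destination is a raw IPv4/IPv6 address, not a hostname."""
    try:
        ipaddress.ip_address(dest)
        return True
    except ValueError:
        return False

def find_suspects(log_text):
    """Flag temp-folder processes that hit CHECK_HOST, then a bare IP within WINDOW."""
    last_check = {}   # (host, image) -> time of the most recent connectivity check
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, host, image, dest, port = line.split("|")
        if not any(marker in image.lower() for marker in TEMP_MARKERS):
            continue  # only processes running from a temporary folder are of interest
        when = datetime.fromisoformat(ts)
        key = (host, image.lower())
        if dest.lower() == CHECK_HOST:
            last_check[key] = when
        elif is_ip_literal(dest) and key in last_check:
            if timedelta(0) <= when - last_check[key] <= WINDOW:
                alerts.append((host, image, dest, int(port)))
    return alerts

if __name__ == "__main__":
    for alert in find_suspects(SAMPLE_LOG):
        print(alert)
```

This is a hunting heuristic rather than a signature: legitimate installers running from a temporary folder can match it, so hits need triage against the process's origin.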

    Microsoft has already released a security advisory for the vulnerability, and hopefully a fix for it will be available soon. Meanwhile, users are protected from this threat through the Trend Micro Smart Protection Network.











     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice