It’s the season of giving and, unfortunately, malware authors are feeling generous.
A Trojan detected by Trend Micro as TROJ_PPDROP.K is being spammed through email as a PowerPoint slideshow with the filename Merry Christmas.pps-1. When the user opens the file, it exploits an older, known vulnerability in unpatched Microsoft Excel versions, then extracts and executes another file, Merry Christmas.exe-1, which is detected as BKDR_AGENT.ADGS.
This backdoor then injects itself into Outlook Express, gathers email account credentials and webmail logins, and sends them to a specific email address.
Trend Micro highly recommends that Microsoft Windows users regularly and promptly install security patches for their systems, as well as for all of their Microsoft Office (and other third-party) applications, to avoid being affected.
Also, it is always a good idea to be cautious when handling unsolicited mail and its attachments.