Trend Micro researchers have come across a malicious power point file that contains an embedded Flash file, which exploits the Flash Player vulnerability (CVE-2011-0611) to drop a backdoor onto users’ systems.
Once user open the .ppt file , it drops a 'Winword.tmp' file in the Temp folder by exploiting the flash vulnerability. Simultaneously, it also drops a non-malicious PowerPoint presentation file “Powerpoint.pps”, tricking users into thinking that file is just your average presentation file.
The 'Winword.tmp' is a backdoor that connects to remote sites to communicate with a possible malicious user. It is also capable of downloading and executing other malware leaving infected systems susceptible to other, more menacing threats such as data stealing malware.
Trend Micro security solutions detect the PPT file as TROJ_PPDROP.EVL and the dropped backdoor file as BKDR_SIMBOT.EVL.
Once user open the .ppt file , it drops a 'Winword.tmp' file in the Temp folder by exploiting the flash vulnerability. Simultaneously, it also drops a non-malicious PowerPoint presentation file “Powerpoint.pps”, tricking users into thinking that file is just your average presentation file.
The 'Winword.tmp' is a backdoor that connects to remote sites to communicate with a possible malicious user. It is also capable of downloading and executing other malware leaving infected systems susceptible to other, more menacing threats such as data stealing malware.
Trend Micro security solutions detect the PPT file as TROJ_PPDROP.EVL and the dropped backdoor file as BKDR_SIMBOT.EVL.
){kind=link}