Patches? We don’t need no stinkin patches! What’s that? My powerpoint has a trojan?
Oops.
“If opened, these infectious PowerPoint files attempt to exploit an unpatched vulnerability to drop the MDropper-BH Trojan onto compromised systems. The vulnerability involved is different from that covered by Microsoft’s MS06-048 for a previous PowerPoint vulnerability, the target of earlier malware attacks. All versions of Windows and an unknown number of versions of PowerPoint are vulnerable to the latest attack. If successful the MDROPPER-BH attempts to drop the Small-CMZ Trojan into the temporary folder of a compromised Windows machine. This Trojan tries to download other forms of malware from various pre-programmed hacker web sites. In this way compromised machines are likely to become riddled with all manner of malware, leaving them compromised zombie clients in botnet networks controlled by hackers.”
Get the patches for your OS here at Apple (I had to do it)
UPDATE: Turns out that this was bad intel. It’s nothing new but, more of the same.
[tags]Trojan, PowerPoint Exploit, Vulnerability, Exploit[/tags]
