Poisoned PowerPoint attacks users
Microsoft is warning Windows users about a virus that takes over PCs via the popular PowerPoint program. Attached to the virus is a poisoned presentation that, if opened, installs keylogging software on a computer. Users are being told to take care because it could be weeks before Microsoft produces a patch that protects against the security loophole. So far relatively few people are thought to have been caught out by the booby-trapped presentation.
The bug that the malicious hackers behind the virus have exploited has been found in PowerPoint 2000, 2002 and 2003. Security experts said the virus was aimed at companies in Asia because Chinese characters are used in the subject line of the e-mail to which the booby-trapped files are attached and in the name of the poisoned PowerPoint presentation. The presentation purports to be 18 humorous slides about love between men and women. The PowerPoint presentation is attached to an e-mail that arrives from a Google GMail address. Anyone opening the PowerPoint file will trigger the virus, which installs a keylogger that records everything typed on an infected machine. It also opens up a backdoor into that machine that the creators of the virus are likely to exploit to gather the recorded keystrokes or to install other malicious programs. Once a machine has been compromised the virus installs a blank version of the poisoned presentation to hide evidence that a computer has been taken over.
In an advisory about the exploit Microsoft said “limited” attacks were taking place using the bug and added: “In order for this attack to be carried out, a user must first open a malicious PowerPoint document attached to an e-mail or otherwise provided to them by an attacker.”
The bug is known as a “zero-day” attack because it was exploited so soon after being discovered.
To protect themselves against hackers exploiting the bug, Microsoft warned users not to open or save PowerPoint files that turn up unexpectedly – even if they are from trusted sources. PowerPoint has become widely used in businesses for presentations.
The virus bearing the booby-trapped PowerPoint files started circulating a day after Microsoft issued a series of software patches as part of its regular security updates. Typically these updates are issued on the second Tuesday of every month. Security firms said the timing was deliberate as it gave the virus the longest chance to rack up victims before Microsoft gets round to closing the loophole. Microsoft said it was on target to release a patch to protect against the exploit on 8 August.
So much for the practice of embedding PowerPoints as training snippets in control systems, eh?