Exploit-PPT.d

Type: Trojan
SubType: Exploit
Discovery Date: 09/26/2006
Length: 553,984 Bytes
Minimum DAT: 4861 (09/27/2006)
Updated DAT: 5541 (03/02/2009)
Minimum Engine: 5.1.00
Description Added: 09/26/2006
Description Modified: 09/27/2006 9:34 AM (PT)
Risk Assessment (Corporate User): Low
Risk Assessment (Home User): Low

Characteristics

-- Update Sep 27, 2006 --
The minimum DAT version was corrected to read 4861
--

This detection covers a PPT (Microsoft PowerPoint) file that exploits an unidentified vulnerability which is being investigated. The exploit is believed to affect at least Office 2000, Office XP and Office 2003.

When this trojan loads into PowerPoint, it silently runs one .EXE file and installs two .DLL files (all dropped files are detected as Generic BackDoor.d). The DLL files are then injected into IEXPLORER.EXE and start posting information to (http:// mylostlove1.6600.org/[CENSORED]).

Symptoms

Method of Infection

When the PPT file is opened, malicious code is executed automatically using a vulnerability in PowerPoint.

Removal

All Users:
Use specified engine and DAT files for detection and removal.

Additional Windows ME/XP removal considerations

Variants

    N/A

Overview

This detection covers a PPT (Microsoft PowerPoint) file that exploits an unidentified vulnerability which is being investigated. AVERT has confirmed that the exploit affects at least Office 2000, Office XP and Office 2003.

Aliases

  • Win32/Controlppt.X (Microsoft)
