Welcome Guest. | Log In| Register | Membership Benefits
  • Email this page E-mail this page
  • |  Print Print this page
  • |   Bookmark and Share
  • icon

Chinese Hackers Launch New Office Attack


Popular Christmas PowerPoint slide show circulating by e-mail contains a security threat developed by paid-for-hire hackers.

By Gregg Keizer
InformationWeek
December 27, 2006 02:03 PM

A Microsoft PowerPoint presentation circulating via e-mail is the latest example of a 2006 trend in which paid-for-hire Chinese hackers target Western businesses with malicious Office documents, a security researcher said Wednesday.

The newest threat, said Ken Dunham, director of VeriSign iDefense's rapid response team, hides within an apparently innocent PowerPoint slide show, "Christmas+Blessing-4.ppt," which is attached to an e-mail message. The PowerPoint file, which circulated sans exploits last year around Christmas, has been making the rounds since Sunday.

More CIO Insights

White Papers

Reports

Videos


Hear Randy's vision for the data center of the future and how he intends to slay the legacy monsters. Bailar discusses the role of IT in business growth, his must-read business book, agile development and he offers up some advice to the software vendor community. Fritz Nelson spoke with Dan Drawbaugh, last year's InformationWeek Chief of the Year, about what qualities tomorrow's CIO should possess. Dan is the CIO of the University of Pittsburgh Medical Center.
Bailar discusses the role of IT in business growth, his must-read business book, agile development and he offers up some advice to the software vendor community.
"The reality is that this is a very popular file," said Dunham, "and poorly detected by most antivirus scanners." However, some security companies, including F-Secure, have created signatures to sniff out the threat.

More important is that Christmas+Blessing-4 shares characteristics with the Office document-based attacks that began seven months ago. "This is very similar to other Office attacks from May and June," Dunham said. "It's a targeted attack, this time [against a company] in the public utility sector."

Other Office document exploits--which included ones leveraging zero-day vulnerabilities in Word, Excel, and PowerPoint--also were limited in scope. But that doesn't make them less dangerous, said Dunham. "This kind of attack will be one of the most concerning during 2007. It will be the one that keeps CEOs up at night."

Unlike those earlier attacks, Christmas+Blessing-4 is not a zero-day exploit taking advantage of a vulnerability that hasn't been fixed. "It doesn't work on fully patched computers," Dunham said. After a user opens the PowerPoint file, a variant of the "Hupigon" backdoor Trojan horse is installed on the PC. The Trojan then silently adds two additional files, "msupdate.dll" and "sdfsc.dll," to the system.

IDefense said that the crew responsible for the newest Office attack was Chinese, another similarity with the summer's Word and Excel exploits. Calling the writers "hackers for hire," Dunham said that the rapid shift in China from politically motivated attacks to for-profit hacks is "a cause for concern."

"They're getting paid a whole lot of money," Dunham said. "The capitalist attitude is infiltrating Chinese hackers."

Dunham recommends that users patch their systems--Microsoft Office applications as well as Windows--and refuse to open unsolicited PowerPoint files, especially any attached to e-mails with the subject of "Merry Christmas to our hero sons and daughters!"

Warned Dunham, "If you're not patching promptly, you can expect attacks in 2007."


Subscribe to RSS


Advertisement

CAREER CENTER
Ready to take that job and shove it?



TechCareers

SEARCH
Function:

Keyword(s):

State:
SPONSOR
RECENT JOB POSTINGS
CAREER NEWS
10 Search Engines You Don't Know About
Go beyond Google and get vertical. These specialized search sites will help you find the business information you need -- fast.

Yahoo Profits Fall 23%, Cuts 1,000 Jobs
Ari Balogh was named to the post of chief technology officer as the companys for a "realignment" of employees.

More articles from our career center





Subscription Info
Apply for a free 52-week subscription to InformationWeek (a $199 value)

Last Name:

First Name:

Title:

Company Name:

City:

Business Address:

Zip:

State:

Email Address:

NOTE: Offer valid for U.S., U.S. possessions, & Canada only

            

Join economist Chris Cornell and 3 CIOs in an Exclusive Online Exchange for Senior IT Executives: Using IT to Drive Value in a Turbulent Economy. November 5th only.