PowerPoint Trojan: Not Zero DayPowerPoint Trojan: Not Zero Day
The new PowerPoint Trojan that baffled researchers yesterday targets a known vulnerability
August 22, 2006
Sigh of relief: Researchers concluded this morning that the new PowerPoint Trojan is not a zero day exploit after all.
The so-called Troj_Mdropper.BH (See Trojan May Threaten PowerPoint.) actually exploits a known and patched vulnerability in Office, MS06-012, according to an update on Trend Micro's malware blog today.
The Trojan confounded researchers around the industry yesterday because it didn't display the same behaviors of other malware that goes after the remote-code execution vulnerabilities in Office that were patched in MS06-012. Researchers initially thought it could be targeting a new, unknown vulnerability in Microsoft software and spent most of yesterday and last night testing it out.
"When we put up a statement like it uses 'an unknown vulnerability,' we are in the middle of our investigation and don't know if it is or not yet," says David Perry, global director of education for Trend Micro.
The Trojan's shell code doesn't "manifest" the same behavior as other exploits that target the vulnerability, Trend Micro said in its update.
— Kelly Jackson Higgins, Senior Editor, Dark Reading
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
Passwords Are Passe: Next Gen Authentication Addresses Today's Threats
How to Deploy Zero Trust for Remote Workforce Security
What Ransomware Groups Look for in Enterprise Victims
How to Use Threat Intelligence to Mitigate Third-Party Risk
Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks