SecurityWeek

Malicious PowerPoint File Targeting Flash Player Vulnerability

Researchers at Trend Micro have discovered a malicious PowerPoint file circulating via email which, if executed, installs a backdoor on the victim’s system. The backdoor is made possible by a vulnerability in Flash Player. The good news, however, is that the vulnerability itself has long since been patched, and malicious attachments are easy to avoid.

“Recent threats are no longer limited to malicious files disguised as ordinary binaries (such as .EXE file) attached to emails. These specially crafted files can be embedded in commonly used files such as PDF, DOC, PPT or XLS files,” Trend researcher, Cris Pantanilla, wrote in a recent blog.

The malicious PowerPoint arrives via email, and if it is opened, it will display a legitimate-looking document. However, while the false presentation is shown, code within the file itself attempts to exploit an Adobe Flash Player vulnerability from 2011.

If successful, the victim’s system is exposed to additional malware, as the vulnerability allows for remote code execution.

“…cybercriminals are continuously taking advantage of previously reported vulnerabilities in popular software such as MS Office applications, Flash etc….exploits created for reliable vulnerabilities remain effective cybercriminal tools…[as] most users do not regularly update their systems with the latest security patch, which explains why attackers are continuously exploiting these bugs,” Pantanilla added.

In the end, he concluded, system patching and caution when dealing with file attachments from unknown sources will prevent this basic level of attack.

Trend Micro detects the malicious PowerPoint file as TROJ_PPDROP.EVL and the backdoor file as BKDR_SIMBOT.EVL.
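As a triage aid for the kind of attachment described above, the following added example (not code from Trend Micro or from the original article) flags legacy Office containers that carry a Flash movie. It assumes the Flash content sits in the file as a contiguous SWF stream; the function names and the sample bytes are constructed for illustration.

```python
import struct
import zlib

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .ppt/.doc/.xls container
SWF_SIGS = (b"FWS", b"CWS")   # uncompressed / zlib-compressed SWF signatures
MAX_SWF = 64 << 20            # assumed sanity cap on the declared movie size


def check_swf_at(data: bytes, off: int):
    """Return a hit dict if a plausible SWF header starts at off, else None."""
    if off + 8 > len(data):
        return None
    sig, version = data[off:off + 3], data[off + 3]
    (declared,) = struct.unpack_from("<I", data, off + 4)  # uncompressed length
    if not 1 <= version <= 50 or not 8 < declared <= MAX_SWF:
        return None
    if sig == b"FWS":
        ok = off + declared <= len(data)
    else:  # CWS: everything after the 8-byte header is one zlib stream
        try:
            # Output is bounded by `declared`, so an oversized stream cannot
            # exhaust memory and shows up as a length mismatch instead.
            body = zlib.decompressobj().decompress(data[off + 8:], declared)
        except zlib.error:
            return None
        ok = len(body) == declared - 8
    if not ok:
        return None
    return {"offset": off, "sig": sig.decode(), "version": version,
            "length": declared}


def find_embedded_swf(data: bytes):
    """Scan raw bytes for SWF headers that pass the structural checks."""
    hits = []
    for sig in SWF_SIGS:
        pos = data.find(sig)
        while pos != -1:
            hit = check_swf_at(data, pos)
            if hit:
                hits.append(hit)
            pos = data.find(sig, pos + 1)
    return sorted(hits, key=lambda h: h["offset"])


def triage(data: bytes):
    """Flag an OLE2 document that contains at least one validated SWF."""
    ole2, hits = data.startswith(OLE2_MAGIC), find_embedded_swf(data)
    return {"ole2": ole2, "swf": hits, "flag": ole2 and bool(hits)}


def build_sample():
    """Constructed test input: OLE2 magic, padding, and a dummy CWS movie."""
    body = bytes(32)
    swf = b"CWS\x0a" + struct.pack("<I", 8 + len(body)) + zlib.compress(body)
    return OLE2_MAGIC + bytes(504) + b"decoy slide text" + swf + bytes(16)
```

A hit only means the attachment deserves sandboxing or manual review; a stream fragmented across OLE sectors would not be found by this contiguous scan.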
