Skip the navigation

'Merry Christmas to our heroes' e-mail installs malicious code

iDefense sent out a warning about the malware

December 24, 2006 12:00 PM ET

Computerworld - A popular Christmas PowerPoint file has been modified to incorporate malicious code that gives an attacker unauthorized access to infected systems, iDefense warned today.

In an e-mail warning, iDefense Labs said that the e-mail with the subject "Merry Christmas to our hero sons and daughters!" and the attachment Christmas+Blessing-4.ppt "silently installs a backdoor Trojan horse on vulnerable computers." According to Ken Dunham, director of iDefense's Rapid Response Team, this version of the Hupigon (sometimes also called Hupigeon) Trojan installs two files on a compromised system: msupdate.dll (18,507 bytes) and sdfsc.dll (3 bytes).

A remote Web site used in this attack has been found on a server in China, Dunham said.

"Details regarding the PowerPoint exploit are still unclear, but detected by a few scanners as a possible MS06-012 exploit," Dunham wrote. Such Microsoft Office exploits can allow remote execution of commands on infected systems.

Attacks on Microsoft Corp.'s Office software have been on the rise for months now, Marc Maiffret, chief technology officer at security vendor eEye Digital Security Inc., said earlier this month. Office vulnerabilities were once released "on a monthly basis," he said.

"Now we're at the point where it's almost daily."

Read more about Security in Computerworld's Security Topic Center.



Our Commenting Policies