In my Previous post, we talked about Microsoft [intlink id=”3280″ type=”post”]Advisory for KB969136[/intlink] and the exploit was in the wild. It looks like Trend Micro has published some new spam attempts to get the users to open up the Maleware for them to deposit TROJ_PPDROP.AB onto there systems.
[ad#cricket-right-ez]Trend Micro has some screen shots of the most common Fake Presentations for you to see just how they try to get you to open the file.
Although these are some common tactics for attackers to use such as nude pictures, Earth Hour, or Celebrities without Makeup, users who don’t normally use PPT should check the files out before you load them. You also should remember to save them to a file and [intlink id=”2205″ type=”page”]scan them with your Anti-virus software[/intlink], also it wouldn’t hurt to have a firewall software. It looks like these exploits tries to connect to the internet and you might be able to find out by the request from the firewall.
According to Internet Storm Center, the CVE place Holder for this is CVE-2009-0556 and hasn’t become live yet. I do not think they will release that information until they get a chance for Microsoft to patch the systems.
This would be a good time to remind IT staff and anyone who might use Power Point that they should not open anything they aren’t expecting and even then they should verify with your IT staff that it is safe until Microsoft issues a patch for this. I expect that if this become widely used it will be released out of Cycle or even In May’s Patch Tuesday. According to Microsoft you could install Microsoft Office Isolated Conversion Environment (MOICE) but requires Office 2003 and Office 2007 systems. Find out how you can use this work around at Microsoft’s Advisory of KB969136 for further instructions.