Malware type: Trojan

Aliases: Exploit.MSPPoint.Agent.j (Kaspersky), Exploit-PPT.i (McAfee), EXP/Office.XDS.Gen (Avira), Troj/PPointEx-A (Sophos),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: Yes

Description: 

This Trojan arrives on a system as a .PPS/.PPT file that is dropped by other malware. It can also be downloaded unknowingly by a user when visiting malicious Web sites.

Upon execution, it dropsseveral files, some of which are detected as BKDR_AGENT.ADGS.

A dropped .TMP file is then injected into a running process to remain memory resident. As a result, routines of the dropped file are also exhibited on the affected system. To automate execution of the dropped malicious file, it also adds a registry entry.

It takes advantage of the following software vulnerability to drop and execute the said component file:

• Microsoft Security Bulletin MS06-012

The said vulnerability in Microsoft Office may allow a remote user to use a malformed routing slip to execute malicious codes on the affected system.

For additional information about this threat, see:
Solution
Technical Details

Description created: Dec. 29, 2007 4:56:25 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.