TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
TROJ_PPDROPPER.L
Overview
Solution

Malware type: Trojan

Aliases: Trojan-Dropper.MSPPoint.Agent.k (Kaspersky), Exploit-PPT.d (McAfee), Trojan.PPDropper.F (Symantec), EXP/Office.Dropper.Gen (Avira),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

 High

Distribution potential:

 Low

Description: 

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

TROJ_PPDROPPER.L Behavior Diagram

Malware Overview

This Trojan usually arrives as a file dropped by other malware or as a file downloaded unknowingly by a user when visiting malicious Web sites. In addition, it may also arrive as an attachment to a spammed email message.

This is a zero-day exploit. When executed, this specially crafted .PPT file exploits a vulnerability in Microsoft PowerPoint in order to drop and execute a file detected by Trend Micro as BKDR_GINWUI.AA.

Zero-day exploit are so-called because they attack a software vulnerability for which the vendor has not released a patch. This may pose as a dangerous situation in which a lot of computers may be affected due to the availability of the exploit code, and the fact that there is no available patch for the vulnerability.

More information on the said vulnerability can be found in the following Web site:

For additional information about this threat, see:
Solution
Technical Details

Description created: Sep. 27, 2006 3:57:03 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.