'Merry Christmas to our heroes' - malicious code installation email

On Christmas Day (December 24), security firm iDefense issued a warning saying that a PowerPoint Christmas file was edited to merge malicious code, providing hackers Unauthorized access to attacked systems has just appeared.

In the warning letter, iDefense reports that an e-mail titled " Merry Christmas to hero sons and daughters " and a Christmas + Blessing-4.ppt attachment will silently install a Trojan horse backdoor on the computer. there is a gap ". This version of the Trojan Hupigon (sometimes called Hupigeon) will install two files on the compromised computer - Ken Dunham, iDefense's Rapid Pespones Team captain. These are files: msupdate.dll (18.507 bytes) and sdfsc.dll (3 bytes).

A website using this form of attack has been discovered on a server in China.

Details of the PowerPoint vulnerability are still unclear. But according to the initial results, this may be the MS06012 vulnerability. Microsoft Office vulnerabilities like this can allow remote commands to be executed on a compromised machine.

Attacks on Microsoft's Office software are increasing every month, said Marc Maiffret, technical director of eEye Digital Security, earlier this month.