Monday, May 16, 2022
  • Home

Exploit Wednesday

July 18th, 2006 by Patrick S

Another Microsoft Office exploit, Bifrose.UZ, was discovered last week. It drops a backdoor using PowerPoint (PPT) files. The exploit was discovered after a limited number of people received e-mail with the PowerPoint file as an attachment.

So what’s the deal with Microsoft Office and why the exploits? There were Word fixes in June – Several Excel fixes were included in July’s patches – And now there is a PowerPoint exploit that will need to be patched in August. See a pattern?

There’s a growing trend here. F-secure been saying for some time that the lack of large virus outbreaks is evidence that the malware environment could be getting worse, not better. The bad guys want to make money – not make attention. So as a malware author, if you want to target a few prominent companies for the purpose of industrial espionage, you design your exploit to attack them within and then lay low. Spoofed e-mails are sent to company insiders and they, thinking it’s just another document that they need to review, open it up and the backdoor gets installed.

The bad guys are taking advantage of three things:

The first is the patch cycle itself. These new exploits are being released after the second Tuesday of each month to maximize its lifespan.

The second is the common day-to-day routine of receiving Office files. There haven’t been any new macro viruses to speak of for some time and so Office files (doc/xml/ppt) easily pass through corporate firewalls and people don’t think twice about clicking on them. This avenue of attack is currently under the radar and is not perceived as a danger by end users.

And the third advantage is that the companies exploited don’t want to talk about it. They dread the negative publicity as a victim of espionage. That’s why the public doesn’t know the name of last month’s Excel exploit victim. Such hush-hush may be keeping some of these exploits from being reported.

 Source straight from F-secure weblog

Posted in Office 2007, Security | 2 Comments »

This entry was posted on Tuesday, July 18th, 2006 at 6:26 am and is filed under Office 2007, Security. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

2 Responses

  1. Simon Scatt Says:

    Many programms include spyware modules. Use anti-spyware for protect your privacy.
    As for me, I like professional anti-spy software like PrivacyKeyboard by Raytown Corporation LLC.
    You can download it here: (~4MB)

    Anti-Spyware: Efficiency of the Means of Defense

  2. Grant's Gleanings Says:

    RESOURCE: VistaBase v3 Knowledgebase (Not MS’s)…

    Windows Vista knowledge base designed to help users tweak, understand and customise Vista, as well as for Windows Server “Longhorn”, Windows Internet Explorer 7, and other “Longhorn” technologies such as .NET Framework 3.0 (previously codenamed…