McAfee Avert Labs investigated and discoveredÂ multiple attacks in the field using the PowerPoint exploit. McAfee VirusScan productsÂ detects this threat as Exploit-PPT.kÂ trojan using the 5573 DATs to be released on the same day.Â
As with most other document exploits, these PowerPoint files install malicious trojans in the background but displays an innocent PowerPoint presentation to the victim asÂ a deceptive measure. The following list shows a variety of malware files installed in these attacks:
Some of these specially crafted exploits arrived as PowerPoint Showfiles with the “.pps” extension. Such files typically opens in full screen mode and hides the Â applications running on the desktop such as system monitoring tools that could give any clue to the dodgy installation of trojans to the victim.
Please keep your DAT files up-to-date and refrain from opening any PowerPoint files from any untrusted sources until a patch is made available by the vendor. Where possible, verify with the senderÂ to make sure what you get is what was intended.