NEWS FROM THE LAB - Sunday, December 24, 2006

More Christmas-themed malware
Posted by Mikko @ 10:47 GMT

Unfortunately, there seems to be more Christmas-related malware floating around.

Now there's a backdoor named Christmas_Puzzle.exe. It uses a rootkit to hide its presence on a system. We detect it as Trojan-Spy.Win32.Ardamax.e. As a decoy, it displays a Christmas-themed jigsaw puzzle game.

And then there's a PowerPoint file named Christmas+Blessing-4.ppt. This one exploits MS06-012 or a related vulnerability to drop and execute two embedded programs. As a decoy, the exploit has been embedded in an innocent Christmas-themed PPT slideshow that has previously made the rounds.


We now detect this PPT file as Exploit.MSPPoint.Agent.g.