Christmas PowerPoint file installs malicious code

A popular Christmas PowerPoint file has been modified to incorporate malicious code that gives an attacker unauthorized access to infected systems, Computerworld reports.

The e-mail with the subject “Merry Christmas to our hero sons and daughters!” and the attachment Christmas+Blessing-4.ppt silently installs a backdoor Trojan horse on vulnerable computers.

This version of the Hupigon (sometimes also called Hupigeon) Trojan installs two files on a compromised system: msupdate.dll (18,507 bytes) and sdfsc.dll (3 bytes).

“Details regarding the PowerPoint exploit are still unclear, but detected by a few scanners as a possible MS06-012 exploit,” an expert said. Such Microsoft Office exploits can allow remote execution of commands on infected systems.

A remote Web site used in this attack has been found on a server in China.