PowerPoint 0-Day Points to Corporate Espionage
Rakesgate writes "A second Trojan used in the latest zero-day attack against Microsoft Office contains characteristics that pinpoint corporate espionage as the main motive, according to virus hunters tracking the threat. This eWeek story walks through the attack, which uses a tainted 18-slide PowerPoint file, a Trojan dropper, 2 Trojans and a server in China that is used to communicate with compromised machines." From the article: "'Once this type of attack is out, it's very unusual for it to be limited to just one company. I think it's safe to assume that it's ongoing, especially since there is no patch for this vulnerability,' Huger added. Microsoft plans to issue a patch on August 8 for users of Microsoft PowerPoint 2000, Microsoft PowerPoint 2002 and Microsoft PowerPoint 2003. In the meantime, anti-virus experts are urging Microsoft Office users to be on the lookout for suspicious attachments, even those that appear to come from colleagues internally."
Suspicious Files (Score:5, Funny)
But what if you receive a Power Point presentation from your manager called "ReadThisOrYourFired.ppt"? It looks suspicious, but oh the dilemma.
Re:Suspicious Files (Score:5, Funny)
> manager called "ReadThisOrYourFired.ppt"?
I'd quit. I refuse to work for anyone who can't tell the difference between a possessive pronoun and a contraction.
Re:Suspicious Files (Score:1, Redundant)
That's what I meant by suspicious! What were you thinking I was thinking?
Re:Suspicious Files (Score:5, Funny)
Re:Suspicious Files (Score:1)
Re:Suspicious Files (Score:3, Interesting)
Re:Suspicious Files (Score:1)
Re:Suspicious Files (Score:2)
Anyone with an IQ above that of a cabbage, perhaps?
Re:Suspicious Files (Score:1)
http://en.wikipedia.org/wiki/Al_Gore [wikipedia.org]
Re:Suspicious Files (Score:3, Funny)
But you could still find out if it's real or not. If it is not sent with highest priority, it is definitely bogus.
Re:Suspicious Files (Score:2)
Re:Suspicious Files (Score:2)
>> But what if you receive a Power Point presentation from your
>> manager called "ReadThisOrYourFired.ppt"?
>
>I'd quit. I refuse to work for anyone who can't tell the difference between a possessive pronoun and a contraction.
Thank you, Mr. Bad Example!
Re:Suspicious Files (Score:1)
However, if it was spelled properly, then I'd raise an alarm
Re:Suspicious Files (Score:2)
Re:Suspicious Files (Score:2)
And he'd write in German!
Re:Suspicious Files (Score:1, Informative)
Open it in OpenOffice.org Impress.
This is an example of why it's risky to use file formats that are only supported properly by a single application.
Re:Suspicious Files (Score:5, Funny)
You receive said PowerPoint. You immediately set out to install a special PowerPoint Viewing Cart, complete with portable generator, portable PC, portable projector, and portable screenbooth (think 4 Chinese folding wall screens with a roof). Even though you've created a special system to "isolate" your PowerPoints, you make sure it's got full network access via 802.11, with RW support on all shares, globally.
If you can't build this setup by stealing the parts from a coworker's desk or the conference room, order them all. Better yet, set up an auction website where suppliers can bid on the various parts of your setup. You, of course, send money before you receive product; after all, you've gotten the lowest cost option, so you can risk the capital.
Then, watch said PowerPoint on the PowerPoint Viewing Cart. Proceed to tell boss that you thought this high priority PowerPoint was, indeed, from him, and that since it blew away the PowerPoint Viewing Cart, you now need to spend the rest of the week repairing it. If he asks you why you are repairing it, make sure to make it clear that you want him to be able to view the high priority PowerPoint he had just received, "ReadThisNowOrYourStockOptionsWillExpire.ppt". Explain to him the virtues of a private viewing environment, portable generator, and Dolby Surround sound.
Voila! Much like any MCSE, you've turned a Microsoft Product into a never-ending source of contract work, all without quitting your day job.
Corporate? Pshaw... (Score:3, Funny)
August 8? (Score:2, Interesting)
How many more machines have to be compromised before users begin to take matters into their own hands?
The arrogance of MS is astounding. And don't say it's because of testing.
Re:August 8? (Score:3, Interesting)
Re:August 8? (Score:2)
In the words of Paul Thurrott, "Ah well."
Re:August 8? (Score:2)
Re:August 8? (Score:5, Informative)
Re:August 8? (Score:4, Informative)
OpenOffice's code is a nightmare. That's why they still haven't released an x86-64 port.
Probably more important is not to run it on top of an OS that blindly gives it access to kernel-level network service code.
Re:August 8? (Score:4, Interesting)
The Office exploits (not only this one, but also its predecessors that targeted Excel and Word) are carefully crafted, targeted attacks against very specifically selected companies. Even for AV companies it's not an easy task to get hold of some of these malware products, so it is very, very unlikely that we'll see a sizable spread to the wild any time soon (at least before the next patch day). Of the various Office overflow exploits, I only know of a Word variant that had any remotely relevant in-the-wild spread.
Doesn't warrant writing your own patch code. Especially with StarOffice being a very handy replacement to the problem.
Sweet Excuse! (Score:4, Funny)
MS, grrr (Score:5, Interesting)
Re:MS, grrr (Score:1, Flamebait)
That's just about the dumbest thing I've ever read on Slashdot.
The theory is... (Score:2)
The theory is that once the patch is out, crackers will reverse engineer it to make new exploits, increasing the security risk for other companies.
It also gives Microsoft a good excuse to be slow to patch, but that's just my own personal theory.
Re:MS, grrr (Score:2, Funny)
If you're waiting until the 8th Tuesday of the month for your patches, you'll be waiting a long time.
Chinese Firewalls (Score:3, Interesting)
Re:Chinese Firewalls (Score:5, Funny)
That's a ridiculous suggestion. It's not the job of the Chinese government to monitor all traffic going in and out of China.
Oh wait..
Re:Chinese Firewalls (Score:3, Insightful)
Sometimes I'm suspicious of the Chinese government... well, actually, ALL the time I'm suspicious of the Chinese government. They call it corporate espionage... what if it's just... well... regular espionage by a curious Communist nation?
Of course, this is complete tin foil hat speculation with no good evidence to back it up, but the suspicion still rests in the back of my mind.
Re:Chinese Firewalls (Score:3, Insightful)
So, put your tin-foil hat back on. It is warranted.
Re:Chinese Firewalls (Score:2)
This'll have to do...
In Communist China, Tinfoil hats wear YOU!
Re:Chinese Firewalls (Score:2)
Won't may be more appropriate. Why would our 'enemy' and largest competitor want to stop themselves from stealing our secrets?
Enemy? (Score:2, Troll)
Re:Enemy? (Score:1)
What planet is this America on? The one I live in did fuck up the rest of the world to become a powerful nation, and continues to do so in order to retain that power.
Read your history books.
Re:Enemy? (Score:2)
Read your history books.
Yeah, I studied history. We sure did fuck those poor civilians in Berlin when we dropped all that food on them during that Berlin Airlift thingie. And stopping the Nazis sure did fuck the world up. Ousting that Milosevic guy because he was raping and killing Muslims... I mean, how is that any of our business? You do
Re:Enemy? (Score:1)
Re:Enemy? (Score:2)
Oh, politics on
Re:Enemy? (Score:2)
Enemy... as in because through your close-minded hate for America you forget that China's treatment of their people is an order of magnitude worse. Here we worry about the government trying to make spying legal... there they worry about watching their family murdered in front of them if they even mutter a word against the government spying on them. Let's be realistic please. Unless you are Chinese and part of the in group... you are pretty much China's enemy. Enemy also doesn't mea
Re:Chinese Firewalls (Score:2)
Nope, can't see a reason why the Chinese government would not block that...
Re:Chinese Firewalls (Score:1)
Re:Chinese Firewalls (Score:2)
Who says this isn't the Chinese government sending out the PPT files?
Click ME! (Score:3, Funny)
Well, it worked for Napoleon Dynamite....."CLICK"
----->BSOD: All Your Assets Are Belong To Us!
gratuitous (Score:2, Funny)
Time to switch... (Score:1)
Corporate Espionage (Score:5, Insightful)
What kind of data do corporate spies hope to obtain? Would that data be actionable -- e.g., could a company come up with a competing product and be first to market if another company's already halfway there?
Re:Corporate Espionage (Score:4, Informative)
Re:Corporate Espionage (Score:2, Insightful)
Re:Corporate Espionage (Score:2)
Re:Corporate Espionage (Score:2)
Almost every Adobe product has competitors.
Yes, and Microsoft Windows and Office has competitors, but in the broad view of things, those competitors don't seem very relevant. I mean, for vector graphics, it would seem that there is only one real choice, and that's Illustrator. Indesign has competitors but in many respects, the markets for those are different. For raster images, Photoshop seems to be the only product in its class, other image programs exist but either have a different focus, a different
Re:Corporate Espionage (Score:4, Insightful)
Re:Corporate Espionage (Score:2)
So after reading the points of you two, I realize there's a lot more to
Re:Corporate Espionage (Score:4, Insightful)
The Chinese could manufacture a PS2 controller for like $5 if they wanted. Perfect replica of the official Sony one, down to the markings and logos.
Re:Corporate Espionage (Score:2)
Depends on how you define espionage. There's the obvious, like a competitor stealing trade secrets, customer lists, et al.
If a competitor knows who your customers are, and how much they're paying, their sales guys can target them with sales pitches designed to undercut your price. Even better if the competitor had a list of, say, all help desk tickets for one of your products. Then they'd also know just what your customers didn't like about your product, and co
Hmmm (Score:2)
The Americans also claimed that their navigation suffered difficulty and it was later alleged that the French were covertly interfering with a GPS signal.
Would you buy a tank whose GPS navigation can be interfered with by the French?
Re:Hmmm (Score:2)
[humor]
So... are you saying the French were providing a public service by jamming GPS signals?
[/humor]
As a point of fact, the Greek government didn't... but they didn't buy the French tank either. They went with the German one, which either doesn't use GPS or (unlikely) wasn't affected by the jamming.
Re:Hmmm (Score:2)
Re:Corporate Espionage (Score:2)
What kind of data do corporate spies hope to obtain? Would that data be actionable -- e.g, could a company come up wit
Re:Corporate Espionage (Score:1)
that and more (Score:2)
Then, since this is the Chinese:
Purchase orders for submarine parts may reveal designs.
Ripping off Apple is easier if you know in advance.
Future hacking may be easier if you can swipe some source code.
A list of employees at a defense contractor helps with social engineering.
Thank goodness.. (Score:3, Funny)
Re:Thank goodness.. (Score:1)
Re:Thank goodness.. (Score:2)
What's more interesting is that the guy who made the virus can apparently write Office Visual Basic code compatible with 3 versions of Office! He could earn good money with that!
Re:Thank goodness.. (Score:1)
How useful would VMWare be? (Score:2)
OpenOffice?! (Score:1)
Re:How useful would VMWare be? (Score:1)
Re:How useful would VMWare be? (Score:2)
Yes, virus and spyware researchers use VMs all the time. They keep a disk image of a known clean machine. When a new suspicious program comes along, they copy their disk image, boot it up, run the virus program, and look for the deltas. It's much easier than keeping a "clean-room" PC around and reghosting the disk ev
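The "look for the deltas" step in the comment above, as an added example that is not from the original thread or from any vendor's tooling. It is a minimal file-system delta tool written for this page: hash every regular file in a tree (the stand-in for the clean disk image), take a second snapshot after the sample has run, and report what was created, altered or deleted. The directory contents, the file names and the "after" state are all constructed in a temp directory; nothing is executed, and the names are invented rather than taken from the real Trojan.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// Snapshot maps a slash-separated path relative to the image root to a SHA-256 of its bytes.
type Snapshot map[string][32]byte

// TakeSnapshot hashes every regular file below root; symlinks and special files are skipped.
func TakeSnapshot(root string) (Snapshot, error) {
	snap := Snapshot{}
	err := filepath.WalkDir(root, func(path string, d fs.DirEntry, walkErr error) error {
		if walkErr != nil || !d.Type().IsRegular() {
			return walkErr
		}
		data, err := os.ReadFile(path)
		if err != nil {
			return err
		}
		rel, _ := filepath.Rel(root, path) // path is always below root here
		snap[filepath.ToSlash(rel)] = sha256.Sum256(data)
		return nil
	})
	return snap, err
}

// Delta is what the analyst reads: files the sample created, altered or deleted.
type Delta struct {
	Added, Modified, Removed []string
}

// Diff compares a before and an after snapshot (order within each list is unspecified).
func Diff(before, after Snapshot) Delta {
	var d Delta
	for p, h := range after {
		if old, ok := before[p]; !ok {
			d.Added = append(d.Added, p)
		} else if old != h {
			d.Modified = append(d.Modified, p)
		}
	}
	for p := range before {
		if _, ok := after[p]; !ok {
			d.Removed = append(d.Removed, p)
		}
	}
	return d
}

// apply writes each name->content pair directly under root, then snapshots the tree.
func apply(root string, files map[string]string) (Snapshot, error) {
	for name, content := range files {
		if err := os.WriteFile(filepath.Join(root, name), []byte(content), 0o644); err != nil {
			return nil, err
		}
	}
	return TakeSnapshot(root)
}

// DemoDelta stands in for the clean-image workflow: a constructed baseline is
// snapshotted, a constructed "after the sample ran" state is applied, and the two
// snapshots are diffed. Nothing is executed; every file and change here is invented.
func DemoDelta() (Delta, error) {
	root, err := os.MkdirTemp("", "clean-image-")
	if err != nil {
		return Delta{}, err
	}
	defer os.RemoveAll(root)
	// Constructed baseline standing in for the known-clean image.
	before, err := apply(root, map[string]string{
		"system.ini": "[boot]\n",
		"deck.ppt":   "constructed slide bytes",
		"old.log":    "ok\n",
	})
	if err != nil {
		return Delta{}, err
	}
	// Constructed after-state: one new binary, one edited config, one deleted log.
	if err := os.Remove(filepath.Join(root, "old.log")); err != nil {
		return Delta{}, err
	}
	after, err := apply(root, map[string]string{
		"dropped.exe": "constructed binary bytes",
		"system.ini":  "[boot]\nshell=dropped.exe\n",
	})
	if err != nil {
		return Delta{}, err
	}
	return Diff(before, after), nil
}

func main() {
	d, err := DemoDelta()
	fmt.Println(d, err)
}
```

Running it prints one entry in each list. In practice the same comparison is run over a mounted copy of the VM's disk image rather than a temp directory, and the registry and running-process list get the same before/after treatment, since a dropper that writes a file but also adds an autorun key is only half-described by the file delta.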
How many of us... (Score:1)
And this is not a virus: I choose to send these to my friends :-(
We seem to be working through the MS wheel (Score:2, Insightful)
I'm now preparing for the 0-day notepad exploit...
Re:We seem to be working through the MS wheel (Score:2)
That's ok, as long as there's no 0-day minesweeper or heart exploit.
Re:We seem to be working through the MS wheel (Score:1)
Somebody should hook up a generator to that puppy...
Re:We seem to be working through the MS wheel (Score:2)
Re: (Score:2)
Re:And the State Dept was called racist over Lenov (Score:1)
Oh, wait, did I copy that wrong? I was just thinking about all the silly IP laws the USA tries to export and companies like Lockheed Martin, General Dynamics, Diebold, Blackwater, Halliburton...
Re:And the State Dept was called racist over Lenov (Score:2)
If you look up 8800.org (the one that the PowerPoint crack sends keylog data to), you will know that it hosts a free DNS forwarding service (excuse me if my terminology is wrong). It provides the same
Microsoft's Response times. (Score:2)
Slow response times. This is Microsoft's way: it can't just be a hot fix, it has to be a hotfix, say three days to write, then testing begins, doesn't fix the problem on one computer, another week of programming, then finally it's ready for more testing. You get the idea.
Re:OB: Where do you want to be infected today? (Score:2)
"Safe to assume" (Score:3, Interesting)
Once this type of attack is out, it's very unusual for it to be limited to just one company. I think it's safe to assume that it's ongoing.
Me, I think it's safe to assume there are 10 undiscovered corporate espionage trojans out there for every one we hear about. Scary.
0 Day? (Score:2)
Re:0 Day? (Score:1, Informative)
Re:0 Day? (Score:3, Interesting)
Re:0 Day? (Score:2)
0-Day originally meant that it was released "0 days" ago.
they're everywhere! (Score:1, Insightful)
Fortunately Symantec is coming up with several ways to protect and save us from this nefarious criminal underground. Sorry Symantec, but my suspicion alert level is glowing bright red.
I don't recall the last time my machine was infected by software that another piece of software could actually do something about (e.g. virus, trojan, etc). Mostly it's
Re:they're everywhere! (Score:2)
I've run a hardware firewall ever since I got high speed net access. The only spyware I ever got was from a CD-ROM Borland game in 1998 just as the ideas for spyware were being developed. And I've never gotten a virus at home (laptop users at work are a different nightmare.) "Not
Is OOo vulnerable? (Score:1)
Re:Is OOo vulnerable? (Score:4, Funny)
I think so (Score:2)
I guess I should file a bug report.
In China? (Score:2)
Does this mean if you make sure your slides all have the magic word in white on white in them somewhere, they'll get gobbled by the People's Great Firewall and the perps won't get your data?
Indeed, you have the answer. (Score:2)
Transmit by DEMOCRACY channels only!
For FALUN GONG usage only!
Authorized for TAIWAN program only!
Access restricted to FREE TIBET personnel only!
What about signed attachments? (Score:2)
Obviously, this requires a PKI of some sort, but for those companies which already do, it seems this would be a simple, easy way to virtually eliminate the possibility of outside trojans / viruses / wh
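The gate the comment proposes, as an added example that is not from the original post and assumes a concrete design the commenter left open: Ed25519 signatures from Go's standard library, a keyring of trusted public keys standing in for the "PKI of some sort", and the file name bound into the signed message so a signature cannot be moved onto a renamed or swapped file. The keyring is filled in-process here; in a real deployment the public keys would come from the company's directory or certificate infrastructure, and the key, the deck bytes and the file names are all constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Keyring maps a colleague's identity to the public key the organisation trusts
// for them. Assumption: this is what the comment's "PKI of some sort" provides;
// here it is filled in-process instead of being looked up from a directory.
type Keyring map[string]ed25519.PublicKey

var (
	ErrUnknownSender = errors.New("sender has no trusted key")
	ErrBadSignature  = errors.New("signature does not verify for this attachment")
)

// signedMessage binds the attachment bytes to their file name, so a valid
// signature over one file cannot be transplanted onto a renamed or swapped one.
func signedMessage(filename string, data []byte) []byte {
	msg := append([]byte(filename), 0) // NUL separates name from content
	return append(msg, data...)
}

// SignAttachment is what the sending side does with its private key.
func SignAttachment(priv ed25519.PrivateKey, filename string, data []byte) []byte {
	return ed25519.Sign(priv, signedMessage(filename, data))
}

// ShouldOpen is the receiving-side gate: open only if the claimed sender has a
// trusted key and that key verifies the signature over this exact attachment.
func (k Keyring) ShouldOpen(sender, filename string, data, sig []byte) error {
	pub, ok := k[sender]
	if !ok {
		return ErrUnknownSender
	}
	if !ed25519.Verify(pub, signedMessage(filename, data), sig) {
		return ErrBadSignature
	}
	return nil
}

// Outcome records the gate's decision for the constructed cases.
type Outcome struct {
	Genuine, Tampered, Renamed, Unknown error
}

// Demo generates a throwaway key for "manager", signs a constructed deck, and
// runs the gate on the genuine file, a modified copy, a renamed copy, and a
// message claiming to come from someone not in the keyring.
func Demo() (Outcome, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}
	ring := Keyring{"manager": pub}
	deck := []byte("constructed PowerPoint bytes") // stand-in for the real .ppt
	sig := SignAttachment(priv, "quarterly.ppt", deck)

	tampered := append([]byte("x"), deck...)
	return Outcome{
		Genuine:  ring.ShouldOpen("manager", "quarterly.ppt", deck, sig),
		Tampered: ring.ShouldOpen("manager", "quarterly.ppt", tampered, sig),
		Renamed:  ring.ShouldOpen("manager", "ReadThisOrYourFired.ppt", deck, sig),
		Unknown:  ring.ShouldOpen("outsider", "quarterly.ppt", deck, sig),
	}, nil
}

func main() {
	o, err := Demo()
	fmt.Printf("genuine=%v tampered=%v renamed=%v unknown=%v err=%v\n",
		o.Genuine, o.Tampered, o.Renamed, o.Unknown, err)
}
```

Only the genuine case returns nil. Note what this does and does not buy: it stops an outsider forging "from a colleague" mail, which is the delivery path the article describes, but a signed file from a colleague whose own machine has already been compromised still verifies, so signing complements rather than replaces patching the parser itself.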