Symantec's virus hunters have dubbed the virus Trojan.PPDropper.B, while other antivirus makers are likely dissecting it as well. It follows a well-worn pattern: an email arrives from an unknown source, in this case from a Gmail account, and has a PowerPoint file attached. The email has Chinese characters in it, which would indicate its origins are in Asia.
Once again, it counts on the end user to be dumb enough to open an attachment from an unknown source. Should you be that dumb, it executes a variant of a known keystroke logger that is used to steal personal information and send it back to a remote server. The virus then overwrites the malicious PowerPoint file with a new clean copy of the document to cover its tracks.
More disturbing than the virus is the pattern it follows. For the second time in as many months, this virus comes within days of Microsoft's monthly patch releases. Last month, a zero-day Excel exploit hit the Internet just one day after the monthly patch release.