A cute powerpoint trojan (it even has a cartoon picture of a girl petting a cat is currently making the rounds on the net. The powerpoint sends a good message about loving your work. The catch? It has an embedded exe file in it which gets dropped *possibly* via the MS06-012 vulnerability (we’re still verifying the actual exploit used, but it *seems* to be MS06-012).
When running the powerpoint, nothing out of the ordinary actually happens, but at the time that a user is done reading the message and closes the powerpoint, a temp file is created and executed, leaving two dropped files in the process.
- %systemdir%wbemwmiadapt.exe and
- %systemdir%systhin.dll
Well there is one sure way of defeating this trojan though…UPDATE your Windows Systems.