PowerPoint zero-day attack compromises data in infected Windows PCs; Mac OS X unaffected

“A second Trojan used in the latest zero-day attack against Microsoft Office contains characteristics that pinpoint corporate espionage as the main motive, according to virus hunters tracking the threat,” Ryan Naraine reports for eWeek.

Naraine reports, “According to an alert from Symantec, a backdoor called Trojan.Riler.F is installing itself as a layered service provider, or LSP, allowing it access to every piece of data entering and leaving the infected computer.”

“Alfred Huger, senior director of engineering at Symantec, said the dirty PowerPoint file infects the machine with a piece of malware called Trojan.PPDropper.C which in turn drops two separate backdoors that give the attack unauthorized access to the compromised computer,” Naraine reports. “Symantec’s Huger said the sophisticated nature of the attacks suggest it is the work or well-organized criminals associated with industrial espionage… The F-Secure anti-virus team found backdoors connecting to China-hosted domains in March 2005, September 2005, March 2006, April 2006, May 2006 and July 2006.”

“Microsoft plans to issue a patch on August 8 for users of Microsoft PowerPoint 2000, Microsoft PowerPoint 2002 and Microsoft PowerPoint 2003,” Naraine reports. “In the meantime, anti-virus experts are urging Microsoft Office users to be on the lookout for suspicious attachments, even those that appear to come from colleagues internally.”

Full article here.

By the end of 2005, there were 114,000 known viruses for PCs. In March 2006 alone, there were 850 new threats detected against Windows. Zero for Mac. While no computer connected to the Internet will ever be 100% immune from attack, Mac OS X has helped the Mac keep its clean bill of health with a superior UNIX foundation and security features that go above and beyond the norm for PCs. When you get a Mac, only your enthusiasm is contagious.click for more info.

[UPDATE: 12:45pm EDT: Changed headline from “Macintosh” to “Mac OS X.” Those who run Windows on their Macs are at risk, of course. That’s the fun of Windows. As Apple says on their Boot Camp page, “Windows running on a Mac is like Windows running on a PC. That means it’ll be subject to the same attacks that plague the Windows world. So be sure to keep it updated with the latest Microsoft Windows security fixes.” Try using Keynote instead and you’ll probably get a standing ovation when you give your next presentation.]

Related MacDailyNews articles:
Symantec researcher: At this time, there are no file-infecting viruses that can infect Mac OS X – July 13, 2006
Sophos: Apple Mac OS X’s security record unscathed; Windows Vista malware just a matter of time – July 07, 2006
Sophos Security: Dump Windows, Get a Mac – July 05, 2006
Symantec sues Microsoft to halt Windows Vista development – May 19, 2006
Security company Sophos: Apple Mac the best route for security for the masses – December 06, 2005
Computer columnist: anti-virus software purely optional for Apple Macs, not so for Windows – November 01, 2005
16-percent of computer users are unaffected by viruses, malware because they use Apple Macs – June 15, 2005

New invisible rootkit hits Windows including Vista – July 17, 2006
Microsoft demos Windows Vista on Apple MacBook Pro – July 01, 2006
What Microsoft has chopped from Windows Vista, and when – June 27, 2006
Windows Vista rips-off Mac OS X at great hardware cost (and Apple gains in the end) – June 13, 2006
CNET reporter: Apple Mac mini is my most ‘Vista Ready’ PC – May 24, 2006
Thurrott: Microsoft collapsing under its own weight, Gates has driven Windows Vista into the ground – April 20, 2006
Dude, you got a Dell? What are you, stupid? Only Apple Macs run both Mac OS X and Windows! – April 05, 2006
Why buy a Dell when Apple’s Intel-based computers will run both Mac OS X and Windows? – June 08, 2005
Windows users who try Apple’s Mac OS X Tiger might not want to go back – June 07, 2005


  1. Bob, I’m no expert in these matters, but my research says that it basically comes down to access. On a Mac a virus doesn’t have the root access (and therefore any access whatsoever), so even though it may start on a program both platforms share, it doesn’t have anywhere to go on a Mac. Maybe someone else has a better explanation. It’s definitely complicated stuff.

  2. So a Mac with the same software from the same vendor is not affected?


    Because its a lot more difficult for an application (trojan) to install itself without detection on a Mac. They would have to crack your password or trick you into installing it.

    MDN word: why

    For real.

  3. When Asta La Vista comes out, all these problems will go away!

    ” width=”19″ height=”19″ alt=”raspberry” style=”border:0;” />

    MDN Magic Word: french. As in fries. That’s what I’m eating this very second. How does MDN know?
    ” width=”19″ height=”19″ alt=”big surprise” style=”border:0;” />

  4. Warning to everyone. Belight software, the makers of Image Tricks, Business Card Composer, etc., has, upon my purchase of Image Tricks Pro, sent me a license code of “0” to activate the Pro version. It does not work, and worst of all, it is impossible to get any reply from their customer support or any help whatsoever.

  5. What I don’t understand is how viruses can get in via an Office application. I can understand a web browser or something that goes online, or something you download into an Office app, but never just the app itself- alone.

    This should be a red flag.

    Now, someone please write a virus that compromises the Office “suite”- without it, the PC drones can’t do ANYTHING but go on IE and play games- their only source of “productivity” is gone.

    <Apple Store>
    <Buy a Mac>
    <Get iWork>
    Do it someday- you really will get what you pay for.

  6. *SMACK!* “Thank you sir, may I have another?” *SMACK!*

    Gotta love the PC idiots. The Ballmer Brigades.
    Would be a heck of a lot funnier if MY personal info wasn’t on PC’s at banks, government stuff, etc.

    There should be a law that anyone with critical information run Macs.

  7. Welcome all you poor, weak and heavy laden Windows 95/98/ME users orphaned by MS no longer protecting Office 95 or 97. Take that load off your back and get a Mac Mini, USB keyboard and mouse.

    MW ‘step’ as in: your old PC makes a good back door step.

  8. <b<Ozzys</b> said: What I don’t understand is how viruses can get in via an Office application. I can understand a web browser or something that goes online, or something you download into an Office app, but never just the app itself- alone.

    The virus can get into your system in any of several ways – it comes attached to a PowerPoint file and is activated by PowerPoint. You could have a file mailed to you or download it off the web – possibly without realizing what you were getting. The app itself contains the vulnerability that is being exploited by the virus in the file.

    Your boss will be SO grateful you reviewed his presentation and mailed it back for comments … may even stop by to ‘thank’ you in person. His rough-looking companions are really just a couple of co-workers … yup!

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.