
TrojanDropper:Win32/Apptom.A


First posted on 07 April 2009.
Source: SecurityHome

Aliases :

There are no other names known for TrojanDropper:Win32/Apptom.A.

Explanation :

TrojanDropper:Win32/Apptom.A is a trojan dropper embedded within an exploit in Microsoft PowerPoint (.PPS / .PPT) data files identified as Exploit:Win32/Apptom.gen. The exploit could execute on vulnerable systems using Microsoft Office 2000, XP, 2003 and Mac Office.

Symptoms
System Changes
The following system changes may indicate the presence of this malware:

  • The presence of the following files:
    %ProgramFiles%\Internet Explorer\IEUpd.exe
  • Alert notifications from installed antivirus software may be the only symptom(s).


    Installation
    An attacker creates a malicious Microsoft PowerPoint presentation and sends it as an attachment to a target e-mail address. When the malicious file is viewed on a vulnerable system, it could drop TrojanDropper:Win32/Apptom.A. In the wild, this exploit has been seen in limited and targeted attacks. When viewed, the malicious presentation drops a trojan dropper (TrojanDropper:Win32/Apptom.A) as a file named 'fssm32.exe' that is then run.

    Payload
    Drops Malware
    When Win32/Apptom.A is run, it creates another executable in the TEMP folder named '%TEMP%\setup.exe' (TrojanDropper:Win32/Apptom.B), which is executed via a command shell. Win32/Apptom.B drops malware as the following:

    %ProgramFiles%\Internet Explorer\IEUpd.exe - Trojan:Win32/Cryptrun.A

    Additional Information
    For more information about Exploit:Win32/Apptom.gen and Security Advisory 969136, see the following links:
  • Microsoft Malware Protection Center blog post
    http://blogs.technet.com/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx
  • Security Advisory 969136
    http://www.microsoft.com/technet/security/advisory/969136.mspx
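
A hunting sketch for the drop chain described above, added here as an example and not part of the original write-up: it matches file and process events against the three file names the page gives and grades each host by how much of the chain it shows. The event field names (`time`, `host`, `kind`, `path`, `parent`), the stage labels and the sample events are constructed for illustration.

```python
import ntpath
from collections import defaultdict

# Constructed sample events (not real telemetry); field names are assumptions.
# The page gives no folder for fssm32.exe, so the one below is arbitrary.
EVENTS = [
    {"time": 1, "host": "WS01", "kind": "file", "path": r"C:\Docs\fssm32.exe"},
    {"time": 2, "host": "WS01", "kind": "process", "parent": r"C:\WINDOWS\system32\cmd.exe",
     "path": r"C:\Documents and Settings\alice\Local Settings\Temp\setup.exe"},
    {"time": 3, "host": "WS01", "kind": "file", "path": r"C:\Program Files\Internet Explorer\IEUpd.exe"},
    {"time": 4, "host": "WS02", "kind": "process", "parent": r"C:\Windows\explorer.exe",
     "path": r"C:\Users\bob\AppData\Local\Temp\setup.exe"},  # ordinary installer
    {"time": 5, "host": "WS03", "kind": "file", "path": r"C:\Program Files (x86)\Internet Explorer\IEUpd.exe"},
]

def classify(event):
    """Return the chain stage an event matches, or None."""
    folder, name = ntpath.split(event["path"].lower())
    if name == "fssm32.exe":
        return "dropper_A"
    # %TEMP% is logged expanded, so match a folder named Temp. Require the
    # command-shell parent: setup.exe in Temp on its own is very common.
    if (name == "setup.exe" and ntpath.basename(folder) == "temp"
            and event["kind"] == "process"
            and ntpath.basename(event.get("parent", "").lower()) == "cmd.exe"):
        return "dropper_B"
    if (name == "ieupd.exe" and ntpath.basename(folder) == "internet explorer"
            and "program files" in folder):
        return "payload"
    return None

def hunt(events):
    """Map host -> distinct chain stages in the order they were seen."""
    seen = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["time"]):
        stage = classify(ev)
        if stage and stage not in seen[ev["host"]]:
            seen[ev["host"]].append(stage)
    return dict(seen)

def verdict(stages):
    # IEUpd.exe is the file symptom the page lists; an earlier stage corroborates it.
    if "payload" in stages and len(stages) >= 2:
        return "high"
    return "review" if stages else "none"
```
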


  • Analysis by Cristian Craioveanu

    Last update 07 April 2009

     
