Vulnerable programs are the first route an attacker will use to gain access to remote systems. Trend Micro's lab has reported a new malicious PowerPoint file that contains a backdoor and spreads via email messages.
When the infected attachment is opened, shellcode is executed to exploit CVE-2011-0611, creates a “Winword.tmp” file in the temp folder, and opens another PowerPoint presentation to trick the user about what has really happened on the system. Next, “Winword.tmp” connects to a remote system and starts communicating with the attacker.
To protect yourself, do not open suspicious emails that may contain attachments, even if the attachment appears to be a PowerPoint, PDF or Word file: modern malware can be embedded in any file and may take any extension. Keep your system and security software definitions up to date, and update your third-party applications, especially your PDF reader, as new versions have added sandboxing functionality that may isolate malware from executing on your main system. Trend Micro detects the malicious PowerPoint file as TROJ_PPDROP.EVL and the dropped backdoor file as BKDR_SIMBOT.EVL.
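
A behavioural check for the drop-and-connect sequence described above, added here as an example (it is not Trend Micro's detection logic): it flags any file that an Office process writes to a temp folder and that later opens a network connection, which generalizes beyond the “Winword.tmp” name. The event schema, process list, paths and addresses are assumptions constructed for illustration.

```python
import ntpath

# Assumption: Office host processes worth watching for dropped files.
OFFICE_IMAGES = {"powerpnt.exe", "winword.exe", "excel.exe"}
# Assumption: path fragments that identify a user or system temp folder.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\local settings\\temp\\", "\\windows\\temp\\")


def find_drop_and_connect(events):
    """Return findings where a file written to a temp folder by an Office
    process later opens a network connection as a process image."""
    dropped = {}   # lower-cased file path -> the file_create event
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["type"] == "file_create":
            writer = ntpath.basename(ev["image"]).lower()
            target = ev["target"].lower()
            if writer in OFFICE_IMAGES and any(m in target for m in TEMP_MARKERS):
                dropped[target] = ev
        elif ev["type"] == "network_connect":
            drop = dropped.get(ev["image"].lower())
            if drop is not None:
                findings.append({"dropper": drop["image"], "dropped_file": drop["target"],
                                 "remote": f'{ev["dest_ip"]}:{ev["dest_port"]}',
                                 "seconds_after_drop": ev["time"] - drop["time"]})
    return findings


# Constructed sample events (not real telemetry); addresses are documentation ranges.
TEMP = r"C:\Users\alice\AppData\Local\Temp"
PPT = r"C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE"
BROWSER = r"C:\Program Files\Mozilla Firefox\firefox.exe"
SAMPLE_EVENTS = [
    {"time": 100, "type": "file_create", "image": PPT, "target": TEMP + r"\Winword.tmp"},
    # Decoy presentation: written by PowerPoint but never connects, so not flagged.
    {"time": 101, "type": "file_create", "image": PPT, "target": TEMP + r"\decoy.pps"},
    {"time": 104, "type": "network_connect", "image": TEMP + r"\Winword.tmp",
     "dest_ip": "203.0.113.10", "dest_port": 443},
    # Benign: a browser, not an Office process, wrote this temp file.
    {"time": 120, "type": "file_create", "image": BROWSER, "target": TEMP + r"\update.tmp"},
    {"time": 125, "type": "network_connect", "image": TEMP + r"\update.tmp",
     "dest_ip": "198.51.100.7", "dest_port": 80},
]

if __name__ == "__main__":
    for finding in find_drop_and_connect(SAMPLE_EVENTS):
        print(finding)
```
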