TrojanDropper:Win32/Apptom.A is a trojan dropper embedded within an exploit in Microsoft PowerPoint (.PPS / .PPT) data files identified as Exploit:Win32/Apptom.gen. The exploit could execute on vulnerability systems using Microsoft Office 2000, XP, 2003 and Mac Office.
An attacker creates a malicious Microsoft PowerPoint presentation and sends it as an attachment to a target e-mail address. When the malicious file is viewed on a vulnerable system, it could drop TrojanDropper:Win32/Apptom.A. In the wild, this exploit has been seen in limited and targeted attacks.
When viewed, the malicious presentation drops a trojan dropper (TrojanDropper:Win32/Apptom.A
) as a file named 'fssm32.exe
' that is then run.
When Win32/Apptom.A is run, it creates another executable into the TEMP folder named '%TEMP%\setup.exe
) that is executed via a command shell. Win32/Apptom.B drops malware as the following:
For more information about Exploit:Win32/Apptom.gen and Security Advisory 969136, see the following links:
Analysis by Cristian Craioveanu
The following system changes may indicate the presence of this malware:
Alert notifications from installed antivirus software may be the only symptom(s).