Written by: Bernadette Caraig

How does this threat get into users' systems?

Users received spammed messages with a malicious .PPT file attachment that supposedly contained updates on the Air France Flight 447 plane crash and information on C919 jumbo jets.

How does this threat affect users?

Users who were curious enough to want to know more about the crash and were tricked into downloading the malicious .PPT file onto their systems ended up with TROJ_APPTOM.C infections instead. The specially crafted file exploited a Microsoft PowerPoint vulnerability, which ultimately resulted in the download of even more malicious files.

How does this threat make money for its perpetrators?

Though the related malware itself did not directly extort money from affected users, some of the other malware it downloaded could. Some could be data stealers that put the personally identifiable information (PII) on users' systems at risk of being stolen and used by cybercriminals.

What is the driving force behind this threat?

This particular attack could lure a huge number of curious users into downloading malware onto their systems, thereby putting them at risk of other, more malicious activities such as phishing.