Read the original article: Deeper Analyzis of my Last Malicious PowerPoint Add-On, (Wed, Apr 28th)
Last week, I wrote a diary about a malicious PowerPoint add-on[1] and I concluded by saying that I was not able to continue the investigation because the URL found in the macro pointed to a blogspot.com URL. Ron, one of our readers, found that this page was indeed malicious and contained some piece of JavaScript executed by mshta.exe.
Read the original article: Deeper Analyzis of my Last Malicious PowerPoint Add-On, (Wed, Apr 28th)