This post originated from an RSS feed registered with .NET Buzz
by Sascha Corti.
Original Post: Bloodhound Exploit 84?
Feed Title: Console.WriteLine("Hello World");
Feed URL: http://www.corti.com/WebLogSascha/blogxbrowsing.asmx/GetRss?
Feed Description: A technology blog with a focus on the .NET framework, the Visual Studio .NET tools and the Windows server platform with of course the normal weblog-noise on what's happening in the industry and reviews of the latest geeky gadgets.
A visitor reports that the TechTalk slides posted by me yesterday show up in the heuristic scan engine of Symantec Antivirus 9.0 Corporate Edition (with signature files from October 11) as infected with the "Bloodhound.Exploit.84". My eTrust antivirus software can't verify this and I already have reports that today's virus signatures do not report these files as infected anymore.
Symantec's description: Bloodhound.Exploit.84 is a heuristic detection for Microsoft Office Malformed Record Memory Corruption Vulnerability (as described in Microsoft Security Bulletin MS06-62). An attacker who exploits this vulnerability could perform a denial of service attack against a vulnerable version of PowerPoint, or potentially execute arbitrary code with the privileges of the logged-on user. The exploit is triggered by viewing a specially-crafted PPT file.
For safety reasons, however, I have pulled all the slides from CodeZone and replaced them with Zip archives containing only PDF versions of my decks.
Thanks for all the reports! I will keep investigating...