SoylentNews is people

posted by martyb on Monday June 12 2017, @07:09PM
from the CxOs-never-look-at-powerpoint-files dept.

Criminal hackers have started using a novel malware attack that infects people when their mouse hovers over a link embedded in a malicious PowerPoint file.

The method—which was used in a recent spam campaign that attempted to install a bank-fraud backdoor alternately known as Zusy, OTLARD, and Gootkit—is notable because it didn't rely on macros, visual basic scripts, or JavaScript to deliver its payload. Those methods are so widely used that many people are able to recognize them before falling victim.

Instead, the delivery technique made use of the Windows PowerShell tool, which was invoked when targets hovered over a booby-trapped hyperlink embedded in the attached PowerPoint document. Targets using newer versions of Microsoft Office would by default first receive a warning, but those dialogues can be muted when users are tricked into turning off Protected View, a mode that doesn't work when documents are being printed or edited. Targets using older versions of Office that don't offer Protected View are even more vulnerable.

"While features like macros, [object linking and embedding], and mouse hovers do have their good and legitimate uses, this technique is potent in the wrong hands," researchers from antivirus provider Trend Micro wrote in a blog post published Friday morning. "A socially engineered e-mail and mouse hover—and possibly a click if the latter is disabled—are all it would take to infect the victim."

Source: ArsTechnica

See also a report at Dodge This Security.


  • (Score: 2) by DannyB on Monday June 12 2017, @08:11PM (2 children)

    MS-DOS and Edlin you suggester of non-Microsoft anointed technologies.

    --
    People today are educated enough to repeat what they are taught but not to question what they are taught.
  • (Score: 2) by bob_super on Monday June 12 2017, @10:11PM (1 child)

    Or just use Office 2003 on airgapped PCs. Good usability, total safety.

    What? There's a virus on Jim's PC? Sorry Jim, you're the only one with the key to your PC's cabinet, and we talked about sanitizing all USB drives in the training...

    • (Score: 2) by jcross on Monday June 12 2017, @11:37PM

      It's hard to imagine the point of an office suite if you can't share the documents. I mean I guess all sharing could be done by printing, but that sucks for any kind of joint editing.