SoylentNews is people
SoylentNews
from the CxOs-never-look-at-powerpoint-files dept.
Criminal hackers have started using a novel malware attack that infects people when their mouse hovers over a link embedded in a malicious PowerPoint file.
The method—which was used in a recent spam campaign that attempted to install a bank-fraud backdoor alternately known as Zusy, OTLARD, and Gootkit—is notable because it didn't rely on macros, visual basic scripts, or JavaScript to deliver its payload. Those methods are so widely used that many people are able to recognize them before falling victim.
Instead, the delivery technique made use of the Windows PowerShell tool, which was invoked when targets hovered over a booby-trapped hyperlink embedded in the attached PowerPoint document. Targets using newer versions of Microsoft Office would by default first receive a warning, but those dialogues can be muted when users are tricked into turning off Protected View, a mode that doesn't work when documents are being printed or edited. Targets using older versions of Office that don't offer Protected View are even more vulnerable.
"While features like macros, [object linking and embedding], and mouse hovers do have their good and legitimate uses, this technique is potent in the wrong hands," researchers from antivirus provider Trend Micro wrote in a blog post published Friday morning. "A socially engineered e-mail and mouse hover—and possibly a click if the latter is disabled—are all it would take to infect the victim."
Source: ArsTechnica
See also a report at Dodge This Security.
(Score: 3, Funny) by DannyB on Monday June 12 2017, @08:16PM (2 children)
Dear PHBs. Please hold out for UTF-64.
It will have Klingon, Narn, and all those other languages. And it will be out any day now.
Most of the new codespace that 64 bits will give us will be occupied by new emojis.
Then there will be new software that allows drawing any possible photo quality image by using characters from the UTF-64 codespace. There will be characters in the font that make up every possible color pattern of bits for that character such that many lines of adjacent characters in that font will draw any possible screen image.
Then we'll please to be to start of thinking UTF-256 very quickfully.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 2) by takyon on Monday June 12 2017, @08:39PM
UTF-64: One Emoji Per Human
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 0) by Anonymous Coward on Monday June 12 2017, @09:10PM
Personally, I think the codepoints currently assigned to emojis would be better assigned to fictional writing systems of note such as Klingon, Quenya, Narn, etc. I don't know how we'd determine noteworthiness (though perhaps this would be an exercise to occupy Wikipedia's deletionists), but Klingon would probably be the only one to pass that bar that comes to mind. Even then, for practical reasons, Klingon is more commonly romanized than represented in the corresponding writing system. (Chicken and egg problem? Perhaps allow a "private-use" block so specialty applications could represent these characters until the use of the writing system has achieved noteworthiness without sacrificing an in-use block as current Klingon fonts do?)
I want Arabic characters, Khmer characters, Hieroglyphics, Norse runes, IPA, and all manner of writing systems that humans currently use and have been used historically. There is no need for emojis beyond basic wingdings, if basic wingdings should even be included. Whether or not to include alchemical symbols I suppose I am ambivalent about. Obviously, we can't include everything as a practical matter, because then nobody would bother creating alternative typefaces once a reference typeface had been promulgated.