
SoylentNews is people

posted by martyb on Monday June 12 2017, @07:09PM
from the CxOs-never-look-at-powerpoint-files dept.

Criminal hackers have started using a novel malware attack that infects people when their mouse hovers over a link embedded in a malicious PowerPoint file.

The method—which was used in a recent spam campaign that attempted to install a bank-fraud backdoor alternately known as Zusy, OTLARD, and Gootkit—is notable because it didn't rely on macros, visual basic scripts, or JavaScript to deliver its payload. Those methods are so widely used that many people are able to recognize them before falling victim.

Instead, the delivery technique made use of the Windows PowerShell tool, which was invoked when targets hovered over a booby-trapped hyperlink embedded in the attached PowerPoint document. Targets using newer versions of Microsoft Office would by default first receive a warning, but those dialogues can be muted when users are tricked into turning off Protected View, a mode that doesn't work when documents are being printed or edited. Targets using older versions of Office that don't offer Protected View are even more vulnerable.

"While features like macros, [object linking and embedding], and mouse hovers do have their good and legitimate uses, this technique is potent in the wrong hands," researchers from antivirus provider Trend Micro wrote in a blog post published Friday morning. "A socially engineered e-mail and mouse hover—and possibly a click if the latter is disabled—are all it would take to infect the victim."

Source: ArsTechnica

See also a report at Dodge This Security.


  • (Score: 2) by kaszz on Monday June 12 2017, @08:38PM (3 children)

    by kaszz (4211) on Monday June 12 2017, @08:38PM (#524635) Journal

    PHBs are hired by the people with the gold (money) to outsource the control of their workers (slaves). The catch is their thinking is short sighted inside their box.

    Plaintext, that must be ASCII 8-bit. And if UTF is to be used. Then it might be an idea to standardize [wikipedia.org] on some version that explicitly excludes all irrelevant and politically correct junk [wikipedia.org].

    Does LaTeX/DVI include some execute code like facility? Btw, asfair LaTeX is printed into DVI which is then displayed (like postscript).

    Everything that wants to execute shall have to put up a dialog box enforced by the OS or program that asks if it's okay to do X or not.

    No need for DRM to lookout the sheeple. Just make it so that it takes skill to break free.
    (maybe that's why Apple has to be jailbroken? :p)

    Many good ideas, I had similar myself.

  • (Score: 1) by anubi on Tuesday June 13 2017, @03:57AM (2 children)

    by anubi (2828) on Tuesday June 13 2017, @03:57AM (#524782) Journal

    From what I have observed of the "business executive mentality", PowerPoint is Business-Grade software.

    People like us have no business using it.

    Business-Grade software is for people who can delegate all the shit to someone else. People like us are the ones who actually personally experience the ramifications of bad software, so naturally, we don't like to mess with it.

    Empirical analysis: When one gets up high enough in organizational rank:

        (1) Appearance trumps substance.

        (2) Artfully spoken bullshit trumps sound scientific analysis.

        (3) The cheapest way to do it is the best way to do it. That is the absolute minimum amount of cost to eke by the customer acceptance test. And even then, cover yourself with businesstalk legalese to make sure once the customer gets snookered, he STAYS snookered. Legal clauses are much faster to write than a sound design.

    Businessmen operate on a whole different level than the common man.

    I don't believe I have said a word that many working in a big organization have not already experienced.

    Sometimes, I believe it is best to stop trying to shoo the moth from the fire. As long as it has its wings (capital), it will do anything to fly right into the flame. But once the flames burn off its wings, it's one of us now, and finally can understand why things like we are concerned about are so important. As long as it has those wings, it seems inhibited to common computing sense.

    --
    "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
    • (Score: 2) by kaszz on Tuesday June 13 2017, @12:45PM (1 child)

      by kaszz (4211) on Tuesday June 13 2017, @12:45PM (#524881) Journal

      The question is how to firewall yourself from that moth then..

      • (Score: 1) by anubi on Tuesday June 13 2017, @02:51PM

        by anubi (2828) on Tuesday June 13 2017, @02:51PM (#524938) Journal

        That seems all one can do. It's as frustrating as dealing with a teenage daughter in heat, with young boys around.

        Dad knows what's apt to happen. He's seen this before. The young daughter wants to have fun.

        --
        "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]