Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 15 submissions in the queue.

Banking Trojan Executes when Targets Hover Over Link in PowerPoint Doc

posted by martyb on Monday June 12 2017, @07:09PM   Printer-friendly
from the CxOs-never-look-at-powerpoint-files dept.

Fnord666 writes:

Criminal hackers have started using a novel malware attack that infects people when their mouse hovers over a link embedded in a malicious PowerPoint file.

The method—which was used in a recent spam campaign that attempted to install a bank-fraud backdoor alternately known as Zusy, OTLARD, and Gootkit—is notable because it didn't rely on macros, visual basic scripts, or JavaScript to deliver its payload. Those methods are so widely used that many people are able to recognize them before falling victim.

Instead, the delivery technique made use of the Windows PowerShell tool, which was invoked when targets hovered over a booby-trapped hyperlink embedded in the attached PowerPoint document. Targets using newer versions of Microsoft Office would by default first receive a warning, but those dialogues can be muted when users are tricked into turning off Protected View, a mode that doesn't work when documents are being printed or edited. Targets using older versions of Office that don't offer Protected View are even more vulnerable.

"While features like macros, [object linking and embedding], and mouse hovers do have their good and legitimate uses, this technique is potent in the wrong hands," researchers from antivirus provider Trend Micro wrote in a blog post published Friday morning. "A socially engineered e-mail and mouse hover—and possibly a click if the latter is disabled—are all it would take to infect the victim."

Source: ArsTechnica

See also a report at Dodge This Security.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Banking Trojan Executes when Targets Hover Over Link in PowerPoint Doc | Log In/Create an Account | Top | 46 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Tuesday June 13 2017, @12:35AM (2 children)

    by Anonymous Coward on Tuesday June 13 2017, @12:35AM (#524738)

    And "wingdings" are a problem because...? I might sympatize with an idea than combining characters wasn't as good of an idea as some thought it would be, but this? If you don't need those you just don't use them.

  • (Score: 2) by Arik on Tuesday June 13 2017, @01:26AM (1 child)

    by Arik (4543) on Tuesday June 13 2017, @01:26AM (#524752) Journal
    Yeah here's the problem - you can't keep other people from using them. And it opens all kinds of problems. For one big field of examples consider the implications of using these things in filenames.

    No, a text encoding system needs to encode text. It needs to encode the regular symbols used in writing the language, the alphabet/abugida or whatever, along with standard punctuation symbols. It doesn't need to encode colors, shapes etc. that's a different level of abstraction completely and it does not belong here. On the other hand one of the most important things you DO want to have here is clarify - each symbol should be distinct, clearly different from all the other symbols. UTF fails that badly, there are way too many distinct symbols with the same appearance.
    --
    If laughter is the best medicine, who are the best doctors?

    • (Score: 0) by Anonymous Coward on Tuesday June 13 2017, @08:51AM

      by Anonymous Coward on Tuesday June 13 2017, @08:51AM (#524835)

      So, you don't like that other people can use text the way you do not like. Are you high, man?