Security News PowerPoint File Downloads Malware When You Hover a Link, No Macros Required

Nikos751

That's why it is called "Protected Mode" ;)
Security features are not a decoration nor just an annoying pop up.
Other than that, it's an interesting malware that, if it existed in a different implementation with the same result in other less protected programs, would be very dangerous.
 

In2an3_PpG

Well, at least this attack is pretty much negated with the Office Protected View enabled by default.
 

brambedkar59

That's why it is called "Protected Mode" ;)
Security features are not a decoration nor just an annoying pop up.
Other than that, it's an interesting malware that, if it existed in a different implementation with the same result in other less protected programs, would be very dangerous.
To some users, the security features of an OS look like "decoration" and they disable them without even thinking. Some even think that OS updates are not necessary and they disable them, quite hastily.
Well, at least this attack is pretty much negated with the Office Protected View enabled by default.
Or it would have been pretty big news, like WannaCry.
 

In2an3_PpG

Or it would have been pretty big news, like WannaCry.

That would have been interesting. Watch, this will probably grow, maybe not near the extent of WannaCry, but it will grow. You know there are some fools out there that probably disabled the Protected View.
 

brambedkar59

That would have been interesting. Watch, this will probably grow, maybe not near the extent of WannaCry, but it will grow. You know there are some fools out there that probably disabled the Protected View.
Yup, that would be interesting. Although I wouldn't care about it much because I use Office online and Google Docs. :)
 

S3cur1ty 3nthu5145t

The file is a PowerPoint presentation that is delivered to potential victims as a file attachment with emails bearing the subject line "RE: Purchase orders #69812" or "Fwd:Confirmation". The name of the PowerPoint file itself is "order&prsn.ppsx", "order.ppsx", or "invoice.ppsx", and there's also evidence the file has been spread around inside ZIP files.

First off, I would never open attachments from someone I did not know, and even those will be vetted for validity. Secondly, I leave "Protected Mode" enabled in MS Office, so either way, this is really not an issue.
 

jamescv7

Good thing that it was blocked by MS Office Protected Mode. People should understand the benefits of security protection, including downloading the security patches.

There is no surprise, because any function can already be implemented with unknown execution of code, since hovering is one of many examples of a function.
 
