Your browser is obsolete!

The page may not load correctly.

Unexpected guests

Незваные гости

Other issues in this category (70)
  • add to favourites
    Add to Bookmarks

Dangerous mouse gestures

Read: 15206 Comments: 2 Rating: 9

Friday, November 10, 2017

Macro viruses for MS Office.
This category encompasses malicious code that exploits features of office files and
the macro languages built into those applications.

Doctor Web malware naming classification

News of yet another terrible threat has appeared: a banking Trojan that doesn't even need users to click on a malicious link—for a system to get infected, one merely needs to hover their cursor over a link in a PowerPoint file. Sounds pretty scary, eh?

A download is initiated if one hovers their cursor over a hyperlink in a PowerPoint file.

A malicious routine is triggered, which will result in the file c.php being downloaded from (IP:


In actuality, despite the screaming headlines, it's not as bad as it sounds. And here’s why: exploiting Microsoft Office macros to spread malware is a well-known technique; anti-viruses learnt how to detect such threats a long time ago, and Microsoft itself equipped its products with a large macro-activation button aeons ago. Moreover, most modern "macro viruses" for Word and Excel don't even need users to move their cursor—they are triggered as soon as a file with macros enabled is opened.

The reason this incident landed in the news is simple but somewhat paradoxical: in PowerPoint, it’s much more difficult to trigger malicious macro code without exploiting vulnerabilities, and that's why attackers usually don't even try to do it. Why bother if the same trick can be pulled much more easily in Word or Excel? In a presentation file, they need to lure a user into interacting with a file. And making a user hover their cursor over an item is one of the simplest methods. Under normal circumstances, this feature can be used to highlight an item or change the colour of a button or link over which the viewer hovers their cursor. Do you really need this feature? Perhaps, if even Microsoft doesn't recommend that people use the macros in its products, wouldn’t it be a good idea to refrain from using them?

#banking_Trojan #malware #security_updates #anti-virus_updates

The Anti-virus Times recommends

  • As corny as it sounds, keeping your anti-virus running and up-to-date will protect your system from all sorts of macro viruses for Word or PowerPoint, or anything else.
  • Don't open unknown files attached to emails received from untrusted senders, and never expect to be sent an invoice in the PowerPoint format.
  • And obviously, just keep macros toggled off, especially for files whose origin is unknown.


Tell us what you think

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.