Dangerous mouse gestures
Friday, November 10, 2017
Macro viruses for MS Office.
This category encompasses malicious code that exploits features of office files and the macro languages built into those applications.
News of yet another terrible threat has appeared: a banking Trojan that doesn't even need users to click on a malicious link—for a system to get infected, one merely needs to hover their cursor over a link in a PowerPoint file. Sounds pretty scary, eh?
A download is initiated if one hovers their cursor over a hyperlink in a PowerPoint file.
A malicious routine is triggered, which will result in the file c.php being downloaded from ccn.nl (IP: 22.214.171.124).
In actuality, despite the screaming headlines, it's not as bad as it sounds. And here’s why: exploiting Microsoft Office macros to spread malware is a well-known technique; anti-viruses learnt how to detect such threats a long time ago, and Microsoft itself equipped its products with a large macro-activation button aeons ago. Moreover, most modern "macro viruses" for Word and Excel don't even need users to move their cursor—they are triggered as soon as a file with macros enabled is opened.
The reason this incident landed in the news is simple but somewhat paradoxical: in PowerPoint, it’s much more difficult to trigger malicious macro code without exploiting vulnerabilities, and that's why attackers usually don't even try to do it. Why bother if the same trick can be pulled much more easily in Word or Excel? In a presentation file, they need to lure a user into interacting with a file. And making a user hover their cursor over an item is one of the simplest methods. Under normal circumstances, this feature can be used to highlight an item or change the colour of a button or link over which the viewer hovers their cursor. Do you really need this feature? Perhaps, if even Microsoft doesn't recommend that people use the macros in its products, wouldn’t it be a good idea to refrain from using them?

#banking_Trojan #malware #security_updates #anti-virus_updates
The Anti-virus Times recommends
- As corny as it sounds, keeping your anti-virus running and up-to-date will protect your system from all sorts of macro viruses for Word or PowerPoint, or anything else.
- Don't open unknown files attached to emails received from untrusted senders, and never expect to be sent an invoice in the PowerPoint format.
- And obviously, just keep macros toggled off, especially for files whose origin is unknown.