Powerpoint has always been malicious, but now even a mouse-over can infect your PC
2 min. read
Published on
Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more
Powerpoint, the world’s most popular presentation software has been accused of killing critical thinking, causing untold economic damage by wasting productive time and even killing whole businesses.
Now in its latest trick, the application can also help infect your PC by simply mousing over a link in a malicious presentation.
Security researchers have discovered a new variant of the “Zusy” (AKA Gootkit or OTLARD) malware which spreads via malicious Powerpoint files in spam emails with subjects such as “Purchase Order” or “Confirmation” followed by a serial number.
The infected Powerpoint files only include one slide with a link saying “Loading…Please Wait” that’s hyperlinked. If a user moves their mouse over the link PowerPoint executes Windows PowerShell with a script that downloads the actual malware.
Thankfully in most cases your system should pop up a warning as in the image above, unless you have already clicked “Enable All” or have disabled Protected Mode. The script is also not able to run in Powerpoint Viewer or on Powerpoint on the web.
Once executed the malware sets up a backdoor to establish an RDP connection your PC, giving attackers complete access to your system.
The malware is currently spreading across Europe, the Middle East, and Africa and users are as always advised to be suspicious of any unsolicited files, no matter what format.
Read more about the threat at Trend Micro here.
User forum
0 messages