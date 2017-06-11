New Malware Downloader Can Infect PCs Without A Mouse Click (engadget.com) 31
An anonymous reader quotes Engadget: You think you're safe from malware since you never click suspicious-looking links, then somebody finds a way to infect your PC anyway. Security researchers have discovered that cybercriminals have recently started using a malware downloader that installs a banking Trojan to your computer even if you don't click anything. All it takes to trigger the download is to hover your mouse pointer over a hyperlink in a carrier PowerPoint file. According to researchers from Trend Micro and Dodge This Security the technique was used by a recent spam email campaign targeting companies and organizations in Europe, the Middle East and Africa. The emails' subjects were mostly finance-related, such as "Invoice" and "Order #," with an attached PowerPoint presentation. The PowerPoint file has a single hyperlink in the center that says "Loading... please wait" that has an embedded malicious PowerShell script. When you hover your mouse pointer over the link, it executes the script.
Trend Micro writes that "while the numbers aren't impressive, it can also be construed as a dry run for future campaigns, given the technique's seeming novelty," adding "It wouldn't be far-fetched for other malware like ransomware to follow suit."
Trend Micro writes that "while the numbers aren't impressive, it can also be construed as a dry run for future campaigns, given the technique's seeming novelty," adding "It wouldn't be far-fetched for other malware like ransomware to follow suit."
No Clicks! Wow! (Score:1)
So, I receive a suspicious email, which I need to click on to open. That email contains a PowerPoint attachment, which I need to click on to open. Once done, I can be infected with a mouse-over rather than a click.
Zero-click malware. Meh.
Re: No Clicks! Wow! (Score:2)
Re: (Score:3)
Meanwhile, the two biggest problems are ignored.
Problem 1 - User stupidity. You get an e-mail with a "finance-related" subject, such as 'Invoice' or 'Order #'. But there's a Powerpoint file attached. Since when are legitimate invoices sent as Powerpoint files?
Problem 2 - Microsoft stupidity. The ability of Powerpoint to run an external executable file (in this case powershell) is a HUGE design flaw that has become a major source of malware distribution.
Re: (Score:2)
End user training. (Score:2)
So, I receive a suspicious email, which I need to click on to open.
And before that, you need to click on your browser or e-mail client.
And before that, you need to click to log into the computer.
And before that, you need to push the physical power button.
Zero-click malware. Meh.
Except that random joe 6 pack user...
...does click on any e-mail, because that's what they are used to.
...also recognizes PowerPoint file as one of the few "safe" attachment that they can open.
In other words: all the clicks that a normal user will accomplish in this infection are normal regular action that they do on an ev
Re: (Score:2)
Re: (Score:1)
"Infects without clicking"? (Score:2)
The PowerPoint file has a single hyperlink in the center that says "Loading... please wait" that has an embedded malicious PowerShell script.
Sooo...the file opens itself without clicking, too? Or how exactly does that work?
Re: (Score:1)
Sooo...the file opens itself without clicking, too? Or how exactly does that work?
Slashdot is run by morons who specialize in click-bait headlines. That's how it works.
Re: (Score:2)
Powerpoint (Score:1)
Who would have guessed? PowerPoint files don't open without clicking.
Re: (Score:2)
This just in... (Score:3)
Opening suspicious files is still dangerous.
Who woulda thought?
As others have pointed out, this "no click" malware requires you to download and open a malicious powerpoint file, and then hover over the link contained in the file before it can infect you.
If anything, this seems far LESS of a risk than many other attack vectors that also require opening malicious file attachments in email. (usually opening the installer itself instead of a powerpoint file)
That said, WTF powerpoint? who makes a mouseover capable of downloading and installing something? c'mon guys, how stupid do you have to be to allow this sort of behaviour in your file format?
Friends don't let friends... (Score:2)
Friends don't let friends install Microsoft Office.
Seriously - once you've got someone to open anything in MS Office, the scripting allowed in those formats means that few vulnerabilities are a very large surprise. That, and if you've ever had to work for a client that demands a large degree of Office interop or automation, you become acutely aware of how messy those formats have become over the years.
Don't get me wrong, in 'friendly' settings, it's got a nice set of features, and there's a reason that man
Re: (Score:2)
Friends don't let friends install Microsoft Office....
Back in the beginnings of Windows, I was always of the opinion that Microsoft was more interested in features and less interested in security. iow, new features = worth the investment, new security = not worth the investment. I would have thought that Microsoft would at least know better by now. But it still appears they do not.
Small wonder (Score:2)
I don't have a mouse I have a track-pad on one machine and one with a clitoris stick.