How Just Opening a Malicious PowerPoint File Could Compromise Your PC

A few months back we reported how opening a simple MS Word file could compromise your computer using a critical vulnerability in Microsoft Office.

The Microsoft Office remote code execution vulnerability (CVE-2017-0199) resided in the Windows Object Linking and Embedding (OLE) interface, for which a patch was issued in April this year, but threat actors are still abusing the flaw through different mediums.

Security researchers have spotted a new malware campaign that is leveraging the same exploit, but for the first time, hidden behind a specially crafted PowerPoint (PPSX) presentation file.

According to the researchers at Trend Micro, who spotted the malware campaign, the targeted attack starts with a convincing spear-phishing email attachment, purportedly from a cable manufacturing provider, and mainly targets companies involved in the electronics manufacturing industry.

Researchers believe this attack involves the use of a sender address disguised as a legitimate email sent by a sales and billing department.


Here's How the Attack Works:


The complete attack scenario is listed below:

Step 1: The attack begins with an email that contains a malicious PowerPoint (PPSX) file in the attachment, pretending to be shipping information about an order request.

Step 2: Once executed, the PPSX file calls an XML file programmed in it to download the "logo.doc" file from a remote location and runs it via the PowerPoint Show animations feature.

Step 3: The malformed Logo.doc file then triggers the CVE-2017-0199 vulnerability, which downloads and executes RATMAN.exe on the targeted system.

Step 4: RATMAN.exe is a Trojanized version of the Remcos Remote Control tool, which, when installed, allows attackers to control infected computers remotely from its command-and-control server.

Remcos is a legitimate and customizable remote access tool that allows users to control their system from anywhere in the world with some capabilities, like a download and execute command, a keylogger, a screen logger, and recorders for both webcam and microphone.

Since the exploit is used to deliver infected Rich Text File (.RTF) documents, most detection methods for CVE-2017-0199 focus on the RTF. So, the use of new PPSX files allows attackers to evade antivirus detection as well.

The easiest way to protect yourself completely from this attack is to download and apply the patches released by Microsoft in April that address the CVE-2017-0199 vulnerability.