Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Malware Downloader Can Infect PCs Without A Mouse Click (engadget.com)

Posted by EditorDavid on from the malware-from-mouseovers dept.

An anonymous reader quotes Engadget: You think you're safe from malware since you never click suspicious-looking links, then somebody finds a way to infect your PC anyway. Security researchers have discovered that cybercriminals have recently started using a malware downloader that installs a banking Trojan to your computer even if you don't click anything. All it takes to trigger the download is to hover your mouse pointer over a hyperlink in a carrier PowerPoint file. According to researchers from Trend Micro and Dodge This Security the technique was used by a recent spam email campaign targeting companies and organizations in Europe, the Middle East and Africa. The emails' subjects were mostly finance-related, such as "Invoice" and "Order #," with an attached PowerPoint presentation. The PowerPoint file has a single hyperlink in the center that says "Loading... please wait" that has an embedded malicious PowerShell script. When you hover your mouse pointer over the link, it executes the script.
Trend Micro writes that "while the numbers aren't impressive, it can also be construed as a dry run for future campaigns, given the technique's seeming novelty," adding "It wouldn't be far-fetched for other malware like ransomware to follow suit."

8 of 151 comments (clear)

  1. "Infects without clicking"? by K.+S.+Kyosuke · · Score: 4, Insightful

    The PowerPoint file has a single hyperlink in the center that says "Loading... please wait" that has an embedded malicious PowerShell script.

    Sooo...the file opens itself without clicking, too? Or how exactly does that work?

    --
    Ezekiel 23:20
  2. This just in... by green1 · · Score: 4, Insightful

    Opening suspicious files is still dangerous.
    Who woulda thought?

    As others have pointed out, this "no click" malware requires you to download and open a malicious powerpoint file, and then hover over the link contained in the file before it can infect you.
    If anything, this seems far LESS of a risk than many other attack vectors that also require opening malicious file attachments in email. (usually opening the installer itself instead of a powerpoint file)

    That said, WTF powerpoint? who makes a mouseover capable of downloading and installing something? c'mon guys, how stupid do you have to be to allow this sort of behaviour in your file format?

  3. Re:No Clicks! Wow! by rudy_wayne · · Score: 5, Insightful

    Meanwhile, the two biggest problems are ignored.

    Problem 1 - User stupidity. You get an e-mail with a "finance-related" subject, such as 'Invoice' or 'Order #'. But there's a Powerpoint file attached. Since when are legitimate invoices sent as Powerpoint files?

    Problem 2 - Microsoft stupidity. The ability of Powerpoint to run an external executable file (in this case powershell) is a HUGE design flaw that has become a major source of malware distribution.

  4. Windoze duh by fnj · · Score: 2, Insightful

    Smells like Windoze crap to me. Linux and BSD are the fixes for this.

    1. Re:Windoze duh by Anonymous Coward · · Score: 3, Insightful

      I wish people would stop posting that. There is nothing technical about Linux to prevent exactly the same thing from happening. The reason it isn't happen as much on Linux are because Linux users are usually more technically proficient, haven't demanded "auto-run" features all over the place, and don't fall for fishing attacks nearly as often.

      If Linux saw the infusion of technical illiteracy that Windows has had, all these things would be happening to Linux too, because the market would demand endless simplification in the name of "ease of use". If pointy-haired bosses and Aunt Elma were the major market forces shaping Linux, it would have the very same kinds of problems.

      TLDR; it's not Linux, it's the user community OF Linux.

  5. sounds like not all by Anonymous Coward · · Score: 0, Insightful

    PC's, just windows ones. Yawn, who cares.

  6. Re:No Clicks! Wow! by Darinbob · · Score: 4, Insightful

    But it is a fundamentally stupid idea. There is no need for it. So what if some users want it, let them use a plug in or other tool if they insist on automatically executing code received over the network.

  7. Re:No Clicks! Wow! by runningduck · · Score: 1, Insightful

    Your comment demonstrates your complete lack of understanding regarding what it takes and what occurred to achieve market dominance not to mention what constitutes sound software architecture.

    --
    -rd