Researchers have identified a new method by which one can get infected with viruses and this method is likely to become widespread soon, so suggestions are to be extremely careful. The method is dangerous primarily because it takes advantage of the hyperlinking technology. How it works is that it automatically injects a script when you simply hover over a hyperlinked host without even having to click on it.
Trend Micro, one of the largest cyber-security firms with extensive experience and proactive threat monitoring has detected this new method to work on a infected Microsoft PowerPoint presentation file. The file had a hyperlink which takes advantage of a malicious PowerShell script to be executed. The execution of this script may be undetected if you hover on the link, but the newer versions may detect the script to be ran in the %Temp% folder of Windows via a pop-up. The pop-up that detects the script does not stop it, but rather has an Enable and Disable button that gives the choice to the user. It has the following message:
“Microsoft Office PowerPoint Security Notice
Microsoft Office has identified a potential security concern.
File Path: {%Temp%\Random}
To help protect your security, Microsoft Office has blocked the ability to run an external program automatically. If you choose to enable the external programs, your document and computer may no longer be secure.
If you wish to run external programs in Action Settings, click Enable. If you wish for external programs in Action settings to run automatically, click enable All, but note that this may be a security risk. Otherwise, click Disable to continue.”
So if PowerPoint detects such a script while it is running without you having clicked on any object, it is advisable to disallow it from running again. The risk is not as big, because the newer versions of Microsoft Power Point will usually warn. However, many users are used to hovering over objects to read information, and if this Windows pop-up is bypassed, many users may be at risk in the future.
Ventsislav Krastev
Ventsislav is a cybersecurity expert at SensorsTechForum since 2015. He has been researching, covering, helping victims with the latest malware infections plus testing and reviewing software and the newest tech developments. Having graduated Marketing as well, Ventsislav also has passion for learning new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management, Network Administration and Computer Administration of System Applications, he found his true calling within the cybersecrurity industry and is a strong believer in the education of every user towards online safety and security.
Follow Me: