How opening an infected PowerPoint file lets hackers invade the computer
The remote code execution vulnerability in Microsoft Office (CVE-2017-0199) lies in Windows Object Linking and Embedding (OLE), and a patch for it was released in April this year. But the danger can still appear in other ways.
Network security researchers at Trend Micro have discovered a new malware campaign that uses the same vulnerability, but this is the first time it has been hidden behind a PowerPoint file (PPSX).
According to the researchers, the attack begins with a fake email attachment that claims to come from the cable provider and is primarily targeted at companies in the electronics manufacturing industry. Researchers believe that this type of attack uses a sender address disguised as the business department's real email.
How to attack via PowerPoint file
Step 1: The fake email carries a malicious PowerPoint file (PPSX) as an attachment, which claims to provide delivery information about a certain order.
Fake email with content providing order information
Step 2: Once executed, the PPSX file calls a pre-programmed XML file, which downloads the logo.doc file from a remote address and runs it through the PowerPoint Show feature.
Step 3: The logo.doc file exploits the CVE-2017-0199 vulnerability to load and execute RATMAN.exe on the target system.
Step 4: RATMAN.exe is a trojanized version of the Remcos Remote Control tool. Once installed, it allows an attacker to control the infected computer from a remote C&C server.
Remcos is a legitimate tool, but hackers have turned it into a trojan
Remcos is a legal, customizable remote access tool that allows users to control their system from anywhere in the world with certain capabilities, such as loading and executing command lines, recording keystrokes, capturing the screen, and recording from the webcam and microphone.
Because this vulnerability has been exploited through poisoned Rich Text Format (RTF) files, most detection methods for CVE-2017-0199 focus on RTF. Using a PPSX file instead also allows an attacker to bypass virus detection tools.
The easiest way to protect yourself from this type of attack is to download the Microsoft patch that was released in April at this address: https://portal.msrc.microsoft.com/en-US/eula