Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11How to open the infected PowerPoint file, causing hackers to invade the computer?
The remote code execution vulnerability in Microsoft Office (CVE-2017-0199) is in Windows Object Linking and Embedding (OLE), so the patch was released in April this year. But hazards can still appear in other ways.
Network security researchers at Trend Micro have discovered a new malware campaign that uses the same vulnerability, but this is the first time it has been hidden behind a PowerPoint file (PPSX).
According to the researchers, the attack will begin with a fake email attachment from the cable provider and is primarily targeted at companies in the electronics manufacturing industry. Researchers believe that this type of attack uses a disguised sender address as the business department's real email.
How to attack via PowerPoint file
Step 1 : The email contains the malicious PowerPoint file (PPSX) in the fake attachment, providing delivery information about a certain order.
How to open the infected PowerPoint file, causing hackers to invade the computer? Picture 1
Fake email with content providing order information
Step 2 : Once executed, the PPSX file will call a pre-programmed XML file in which to download the logo.doc file from the remote address and run it through the PowerPoint Show feature.
Step 3 : The logo file.doc will exploit the CVE-2017-0199 vulnerability, load and execute RATMAN.exe on the target system.
Step 4 : RATMAN.exe is a trojan version of Remcos Remote Control tool, when installed, will allow an attacker to control the infected computer from a remote C&C server.
How to open the infected PowerPoint file, causing hackers to invade the computer? Picture 2
Remcos is a legitimate tool but hackers create trojans
Remcos is a legally customizable remote access tool and allows users to control their system from anywhere in the world with certain capabilities, such as loading, executing command lines, recording table activity keys, screen and record webcam images as well as microphones.
Because the vulnerability used to get Rich Text File (RTF) is poisoned, most detection methods CVE-2017-0199 focus on RTF. Using the new PPSX file also allows an attacker to bypass the virus detection tool.
The easiest way to prevent you from this type of attack is to download a Microsoft patch that was released in April at this address.https://portal.msrc.microsoft.com/en-US/eula
Samuel DanielYou should read it
- Halloween helps hackers penetrate computers
- Add 2 malicious samples to attack the Mac
- How to recover files from a completely corrupted computer
- Hide malicious code in Windows logs file to attack computers, new ways of attack by hackers
- Around the world, about 50% of computers are infected with viruses
- How to Convert PowerPoint to Word
- How to set a password for PowerPoint files to protect data
- Transfer data between computers
- Microsoft urgently warns about a phishing campaign that uses malicious Excel macros to hack PCs
- PowerPoint is attacked by trojans
- How to convert Powerpoint files to PDF, Word
- Update information and how to prevent W32.MyDoom.B Depth.
Maybe you are interested
Tech info
Updates on Apple Maps iOS 11 make everyone want to use it- See how the future of Firefox is today
- Detects backdoor on NetSarang's server management software
- 70% of Windows 10 users are completely satisfied with Microsoft's data collection
- Google pays Apple billions of dollars to be the default search engine on iDevice
- Automatically update faulty firmware, causing hundreds of smart keys to fail
Updates on Apple Maps iOS 11 make everyone want to use it
See how the future of Firefox is today
Detects backdoor on NetSarang's server management software
70% of Windows 10 users are completely satisfied with Microsoft's data collection
Google pays Apple billions of dollars to be the default search engine on iDevice
Automatically update faulty firmware, causing hundreds of smart keys to fail