Newscast

Are PowerPoint files a threat again?

By Nik

August 16, 2017

Internet security is one of the most important aspects of any online activity. The more you use the internet, the more exposed you become, and cyber criminals are aware of that.

So whether you use it only for private matters or for business, caution should always be your primary line of defense.

The latest attack on online security is no exception. In most cases, cyber criminals carefully plan their strategy and their way into your computer and your private data.

This time they are using the Windows Object Linking and Embedding (OLE) interface in PowerPoint, the technology that lets part of a document be created and edited with a different application than the original.

PowerPoint is very widely used, and most people with only basic computer knowledge know how to use it. That is also the most vulnerable group, because they suspect nothing and very often click and open any kind of document they receive.

PowerPoint presentations received by email are especially dangerous. Users might receive what seems like a harmless email, or people who are used to online shopping might receive an attachment with shipping details. Unsuspecting, they open the email and/or attachment, inviting the malware onto their computer.

When the PPSX file is opened, ‘CVE-2017-8570’ is displayed. The CVE-2017-0199 remote code execution exploit then runs a process to download logo.com to the computer, which in turn runs a command to download RATMAN.exe. RATMAN.exe makes a connection to the command-and-control server, and since it is a tool for remote control, users will not be aware of it. This is very dangerous because it gives the cyber criminals a direct link to the computer and almost everything on it.

So extra caution is needed when downloading attachments from unknown sources.
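For mail gateways and analysts who want to triage PPSX attachments before anyone opens them, the following added example (not part of the original article) lists OLE relationships in the file that point to an external location instead of an embedded object. It assumes the standard OOXML package layout, in which a PPSX is a zip archive whose `.rels` parts declare each object's target; the function names and the sample file are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Namespace of OOXML relationship parts, and the transitional OLE object type
REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
OLE_TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"


def find_external_ole_links(data: bytes):
    """Return (part, target) pairs for OLE relationships pointing outside the file."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for info in pkg.infolist():
            if not info.filename.endswith(".rels"):
                continue
            raw = pkg.read(info)
            if b"<!DOCTYPE" in raw:  # .rels parts never need a DTD; do not parse
                findings.append((info.filename, "<DTD present, not parsed>"))
                continue
            try:
                root = ET.fromstring(raw)
            except ET.ParseError:
                findings.append((info.filename, "<unparseable>"))
                continue
            for rel in root.iter(REL_NS + "Relationship"):
                external = rel.get("TargetMode", "").lower() == "external"
                if rel.get("Type", "").endswith("/relationships/oleObject") and external:
                    findings.append((info.filename, rel.get("Target", "")))
    return findings


def build_sample(external: bool) -> bytes:
    """Constructed input: a minimal zip holding one slide relationships part."""
    target, mode = "../embeddings/oleObject1.bin", ""
    if external:
        target, mode = "http://example.invalid/placeholder", ' TargetMode="External"'
    rels = (
        f'<Relationships xmlns="{REL_NS[1:-1]}">'
        f'<Relationship Id="rId1" Type="{OLE_TYPE}" Target="{target}"{mode}/>'
        "</Relationships>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("ppt/slides/_rels/slide1.xml.rels", rels)
    return buf.getvalue()


if __name__ == "__main__":
    print(find_external_ole_links(build_sample(True)))
```

A non-empty result is a reason to quarantine the attachment for analysis, since an ordinary presentation keeps its OLE objects inside the file.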