PowerPoint document may lead to execution of a banking Trojan

The method, which was used in a recent spam campaign that tried to install a bank-fraud backdoor variously referred to as Zusy, OTLARD, and Gootkit, is notable because it did not rely on macros, Visual Basic scripts, or JavaScript to deliver its payload. Those techniques are so widely used that many people are able to recognize them before falling victim.

Instead, the delivery technique made use of the Windows PowerShell tool, which was invoked when targets hovered over a booby-trapped link embedded in the attached PowerPoint document. Targets using newer versions of Microsoft Office would by default first receive a warning; however, those dialogs are suppressed once users are tricked into turning off Protected View, a mode that does not work when documents are being written or altered. Targets using older versions of Office that do not provide Protected View are even more vulnerable.
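A defender-side check for the hover trigger described above, as an added example that is not part of the original article: it scans a .pptx archive for DrawingML `hlinkMouseOver` elements and flags those that launch a program or resolve to a PowerShell target. The sample archive, its placeholder target string, and the function names are constructed for illustration.

```python
import io
import posixpath
import re
import zipfile
import xml.etree.ElementTree as ET  # for bulk scanning of untrusted files, defusedxml is a hardened drop-in

A = "http://schemas.openxmlformats.org/drawingml/2006/main"
R = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
PKG = "http://schemas.openxmlformats.org/package/2006/relationships"
INTERPRETER = re.compile(r"powershell", re.I)  # the tool named in the article; extend as needed

def find_hover_actions(pptx_bytes):
    """Return (slide part, action, resolved target, suspicious) for every mouse-over action."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(pptx_bytes)) as z:
        names = set(z.namelist())
        for name in sorted(names):
            if not re.fullmatch(r"ppt/slides/slide\d+\.xml", name):
                continue
            # The slide's relationship part maps each r:id to its real target.
            rels_name = posixpath.join(posixpath.dirname(name), "_rels", posixpath.basename(name) + ".rels")
            targets = {}
            if rels_name in names:
                for rel in ET.fromstring(z.read(rels_name)).iter(f"{{{PKG}}}Relationship"):
                    targets[rel.get("Id")] = rel.get("Target", "")
            for el in ET.fromstring(z.read(name)).iter(f"{{{A}}}hlinkMouseOver"):
                action = el.get("action", "")
                target = targets.get(el.get(f"{{{R}}}id"), "")
                # Hovering should never start a program; slide navigation on hover is benign.
                suspicious = action.startswith("ppaction://program") or bool(INTERPRETER.search(target))
                findings.append((name, action, target, suspicious))
    return findings

def build_sample():
    """Constructed archive (slide parts only, not an openable deck) for exercising the scanner."""
    ns = f'xmlns:p="http://schemas.openxmlformats.org/presentationml/2006/main" xmlns:a="{A}" xmlns:r="{R}"'
    parts = {
        "ppt/slides/slide1.xml": f'<p:sld {ns}><a:hlinkMouseOver r:id="rId2" action="ppaction://program"/></p:sld>',
        "ppt/slides/_rels/slide1.xml.rels": f'<Relationships xmlns="{PKG}"><Relationship Id="rId2" '
            f'Target="powershell.exe CONSTRUCTED-PLACEHOLDER" TargetMode="External"/></Relationships>',
        "ppt/slides/slide2.xml": f'<p:sld {ns}><a:hlinkMouseOver r:id="" action="ppaction://hlinkshowjump?jump=nextslide"/></p:sld>',
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, xml in parts.items():
            z.writestr(name, xml)
    return buf.getvalue()
```

To scan a real attachment, pass `open(path, "rb").read()` to `find_hover_actions` and quarantine any file with a finding whose last field is `True`.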
