From the “Why don’t they leave me alone” file, your computer can now be attacked via a compromised PowerPoint slide deck. Researchers at our good friends and partners Trend Micro (www.trendmicro.com) have found cyber criminals are exploiting a flaw in the Windows Object Linking and Embedding (OLE) interface to deliver the Remcos malware through PowerPoint decks. This particular exploit used to be limited to .RTF documents, and antivirus products knew how to look for the attack. Now, by using the .PPSX extension associated with PowePoint, attackers are evading discovery and gaining access to your desktop, key strokes and more.
The following post from the experts at KnowB4 (www.knowbe4.com – also a partner of ours) dives into the gory details of how the attack originates and what happens if you aren’t paying attention. The end result is the attacker is able to install and execute a file named “RATMAN.EXE,” a variant of the Remcos remote access tool. Remcos is pretty ugly – it can record your key strokes, screens, webcam and microphone. It can also allow the attacker to download additional tools and even remotely control your computer without you being aware.
Think about that. Someone somewhere can record you logging in to your bank to check your balance, send them the key strokes used and even screen shots of the whole process. No need to “hack” your password, you just gave it to them. And with remote control, they can browse your computer and download any and all of your personal information. Scary stuff.
There is an easy way to prevent this from happening to you. Keep your computer up to date with all available Windows patches. That’s it. Microsoft released an update to plug this hole back in April of 2017. So as long as you have installed all recent updates, you should be fine. Also, now that the exploit has been publicized, antivirus vendors will be updating their detection engines. That is one of the (many) reasons we love Trend Micro’s Worry Free Business Security Services hosted edition so much. All updates to their software are automatically pushed out to the end user. No worry about missing an update and being vulnerable. We have hundreds of users on this security package – ask us if it is right for your business.
Click here to read the complete article: