{"id":84421,"date":"2017-06-21T15:16:49","date_gmt":"2017-06-21T09:46:49","guid":{"rendered":"https:\/\/blogs_admin.quickheal.com\/?p=84421"},"modified":"2017-06-21T15:16:49","modified_gmt":"2017-06-21T09:46:49","slug":"just-hovering-computer-mouse-hyperlink-can-get-computer-infected","status":"publish","type":"post","link":"https:\/\/www.quickheal.com\/blogs\/just-hovering-computer-mouse-hyperlink-can-get-computer-infected\/","title":{"rendered":"Just hovering your computer mouse over a hyperlink can get your computer infected"},"content":{"rendered":"

In a new kind of attack, cybercriminals are infecting computers with a banking Trojan simply by fooling users into hovering over a link embedded in a malicious PowerPoint file.<\/p>\n

Attackers are sending malicious PowerPoint Show (PPS) or Open XML Slide Show (PPSX) to users via spam emails. These files only open in slideshow modes and are different from the normal PowerPoint files (PPT and PPTX). When the targeted user downloads and opens such a file, a slide containing the below hyperlink gets displayed.<\/p>\n

\"mouseover_attack1\"
Fig 1<\/figcaption><\/figure>\n

If the user hovers their mouse over this link, it tries to execute a code which installs a banking Trojan on the computer. Users who have the ‘Protected View<\/strong>‘ feature turned ON (newer versions of Windows), receive a security warning (fig 2) with \u2018Enable\u2019, \u2018Enable All\u2019, and \u2018Disable\u2019 options. Clicking on \u2018Enable\u2019 or \u2018Enable All\u2019 executes the malicious code which ultimately infects the computer with the Trojan. Clicking on \u2018Disable\u2019 will stop the infection from getting executed.<\/p>\n

Therefore, users with older versions of Windows or those who do not have the \u2018Protected View\u2019 ON are the most vulnerable to this infection. Simply hovering over the link will have their computer infected without any notice.<\/p>\n

Once installed, this banking Trojan can allow the attacker control the infected computer remotely, access stored information and perform a host of other malicious activities.<\/p>\n

\"FIg
Fig 2<\/figcaption><\/figure>\n

How Quick Heal helps
\n<\/strong>Quick Heal offers multilayered protection against this attack.<\/p>\n

– Quick Heal detects this malware as JS.Nemucod.DSG<\/strong>.<\/p>\n

Quick Heal Web Security<\/a> detects and blocks the malicious link which is responsible for downloading the malware.<\/p>\n

\"Fig
Fig 3<\/figcaption><\/figure>\n

– Quick Heal Virus Protection detects the malicious Slide Show (PPSX) file as OLE.PS.Downloader.2352<\/strong><\/p>\n

\"Fig
Fig 4<\/figcaption><\/figure>\n

Security measures you must take<\/strong>
\n1) On receiving any security prompts, such as the one above, it is safer not to proceed. You can always consult a computer expert if you are not sure about what to do.
\n2) Never click on links or download attachments that come with unexpected, unwanted or unknown emails.
\n3) Install an antivirus software that offers layers of protection. This helps detects and blocks such threats on multiple levels. And keep the software up-to-date.
\n4) Apply all recommended security updates (patches) to your Operating System, programs like Adobe, Java, Internet Browsers, etc.
\n5) It is always a good security practice to keep a secure backup of your important data.
\n6) Use strong and unique passwords for your online accounts.<\/p>\n

 <\/p>\n

ACKNOWLEDGMENT<\/strong><\/p>\n

Subject Matter Expert<\/p>\n

    \n
  • Anita Ladkat | Quick Heal Security Labs<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"

    In a new kind of attack, cybercriminals are infecting computers with a banking Trojan simply by fooling users into hovering over a link embedded in a malicious PowerPoint file. Attackers are sending malicious PowerPoint Show (PPS) or Open XML Slide Show (PPSX) to users via spam emails. These files only open in slideshow modes and […]<\/p>\n","protected":false},"author":29,"featured_media":84427,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[289,24,303,788],"tags":[1139,1461],"class_list":["post-84421","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-safety","category-malware","category-phishing","category-safe-banking","tag-banking-trojan","tag-mouseover-malware"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/84421"}],"collection":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/users\/29"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/comments?post=84421"}],"version-history":[{"count":2,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/84421\/revisions"}],"predecessor-version":[{"id":84429,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/84421\/revisions\/84429"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media\/84427"}],"wp:attachment":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media?parent=84421"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/categories?post=84421"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/tags?post=84421"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}