Malware-containing emails have been circling the web lately in the form of PowerPoint files. The email subjects can range from “RE: Purchase orders #69812” to “Fwd: Confirmation”. The malware can also be executed simply by hovering over the attached file’s linked text; no macro scripts necessary. Due to the ease of infection, more and more machines are falling into the trap.
The email attached to the malware reads,
Please see attached purchase order for the moving of equipment from=London to Surrey on Wednesday 31st May.
Nasim Khan, E-Pharm Limited
Phone : +44 (0) 203 3002245”
The attachment files can consist of “order&prsn.ppsx”, “order.ppsx”, “invoice.ppsx” – or even .zip files in some cases. If opened, the PowerPoint file displays a single picture with linked text: “Loading…Please wait”.
Simply by placing the cursor over the linked text, the user will unknowingly execute the malware via a PowerShell code. Despite the obvious malicious intent and ease of infection, Microsoft is adamant on utilizing their security features to avoid this situation. The fact of the matter is that these attacks can be easily eluded.
A Microsoft spokesperson had this to say on the matter –
“Office Protected View is enabled by default and protects against the technique described in the report. Both Windows Defender and Office 365 Advanced Threat Protection also detect and remove the malware. We encourage users to practice good computing habits online, and exercise caution when enabling content or clicking on links to web pages.”
Microsoft is right. Users do have the responsibility of protecting themselves – and learning how to protect themselves if they’re unaware. While the technology and software companies we purchase from should implement better security tactics, the general public should also always assume otherwise. It’s better to expect the worse and prepare for it than to expect the best and lose from it.