Zusy virus: infection from a PPT file without clicking the pop-up hyperlink – Penetration Testing

Last week, security experts found that subtitle files containing malicious code could be used to hack PCs, smart TVs, and mobile phones once the files were running on them; the vulnerability was then fixed by Kodi and other mainstream multimedia players. Since the beginning of this week, a new virus variant called “Zusy” (also known as Gootkit or OTLARD) has begun to spread in Europe, the Middle East and Africa.

More importantly, the malware does not infect the system in a traditional way, such as through macros or other scripts; instead, it is hidden in PowerPoint files. When the user opens the document, they see “Loading … Please Wait” on the slide. When the user moves the cursor over the hyperlink, the PowerShell code contained in the file is triggered even if the user does not click.

If the victim moves the cursor over the hyperlink, the PowerShell code is executed and connects to the site “cccn.nl”. The malware then downloads a file from that domain and executes it, eventually deploying the malicious program downloader.

The post Zusy virus: do not need to click on the pop-up PPT file hyperlink can be infected appeared first on Penetration Testing. http://ift.tt/2rYAn6c http://ift.tt/2aM8QhC
