Security researchers have discovered a PowerPoint file that, when opened, will download malware to a computer when a user hovers over a link. While the UT System Administration instance of Microsoft Office has security measures in place to stop the attack from taking place, the measures rely on users responding appropriately to the Security Notice dialog box.
The file is a PowerPoint presentation sent to users as an attachment with email messages bearing the following subjects:
- "RE:Purchase orders #69812"
The name of the PowerPoint file itself is: order&prsn.ppsx, order.ppsx, or invoice.ppsx. PPSX files are identical to PPTX files, except they start the PowerPoint in presentation view when opened, instead of the PowerPoint edit mode.
Take the following steps to avoid being a victim of this exploit:
- Be suspicious of unexpected email with attachments or links, even from friends, family, and colleagues.
- If you click on a link or open an attachment and a security warning dialogue box pops up, pay attention to the warning, do not ignore it.
- Ensure that Protected View is enabled on your home computers. Office Protected View guards against the “hover link” technique.
- If you receive a suspicious email, forward it to firstname.lastname@example.org
For more information on protecting your computer or if you suspect your computer may be infected, contact the OTIS Help Desk or the Information Security Office.
OTIS Help Desk
Information Security Office