PowerPoint files could be used to hack into your PC

 

 

Beware that unexpected PowerPoint slideshow file: it could turn your Windows computer into a zombie.

 

Hackers are exploiting a zero-day flaw in Microsoft's Windows operating system to make targeted attacks, security researcher Graham Cluley said.

 

"Fortunately, the attacks seen to date do require some user interaction to succeed on Windows computers running with UAC (User Access Control) enabled, as a consent prompt is displayed. Unfortunately, many users are in the habit of simply ignoring such messages, and clicking to make them go away," Cluley said in a blog for security vendor Lumension.

 

He said attackers could create a booby-trapped PowerPoint file they would email to a targeted company’s users.

 

The attackers would then use social engineering tactics to trick the user into opening the file.

 

But the file contains a malicious OLE object that could potentially install more malware that can steal data or allow attackers to gain control of the infected machine.

 

A second form of attack may be web-based, where an attacker could create a website hosting a malicious file, or compromise a legitimate site.

 

"A typical method would be to email a hyperlink which points to the malicious web content to the targeted computer user," Cluley said.

 

Cluley also said the attack could potentially involve any other Microsoft Office file type, or third-party files, capable of containing a malicious OLE object.

 

For now, he said Microsoft has produced a temporary one-click “Fix It” tool for some versions of PowerPoint.

 

In the meantime, Cluley advised computer users to make sure their machines are properly updated with the latest anti-virus updates and security patches. — Joel Locsin/TJD, GMA News