Researchers have found a new form of attack that abuses the action of hovering over hyperlinked text and images in a Microsoft PowerPoint presentation.
Trend Micro researchers discovered the "mouseover" technique, used by a Trojan downloader also found in a spam campaign hitting EMEA businesses in the manufacturing, education, pyrotechnics, logistics, and device fabrication industries. The downloader they analyzed delivers a version of the OTLARD banking Trojan, also known as GootKit.
Article @ DarkReading
Trend Micro Blog
The sample found in the wild by TrendMicro was highly targeted however now this information is in the public domain, it is likely to be found in more widespread use in the near future.
The original file used, displayed a hyper-linked "loading" page and if the user moused over the hyperlink, was then infected. As always, if you receive unsolicited spam, delete it immediately.
The vulnerability affects Microsoft PowerPoint (full version) and does not affect Microsoft PowerPoint Online. Other presentation software (Such as OpenOffice Impress) does not appear to be affected.
Sludge