PowerPoint’s Mouseover Malware Trojan Horse

Created: Tuesday, June 13, 2017, posted by Geetesh Bajaj at 11:03 am

Trend Micro released a comprehensive blog post that talks about a trojan horse PowerPoint mouseover malware triggered by an action setting.


Trend Micro released a comprehensive blog post that talks about a trojan horse malware triggered by PowerPoint’s Mouse-Over action setting. This action setting can run a PowerPoint macro.

OK, this is not as bad as it may sound. Why? I can think of three good reasons:

  1. First, PowerPoint will not let any presentation that you receive run at all. Such presentations typically run in Protected Mode. This mode shows a strip below your PowerPoint Ribbon that has a large Enable button. You must press this Enable button for your presentation to run any macros, or even be editable in the first place.
  2. Secondly, most new versions of PowerPoint since Office 2007 only allow macros in special PPTM files. So your regular PPTX files have no macros to run at all. And yes, that means you must be running a very old version of PowerPoint, such as PowerPoint 2003 to end up running a macro in a typical PowerPoint file.
  3. Let us now imagine that someone was foolish enough to run a file that they did not recognize. Then they were ready to click that Enable button. And then they also played the presentation. They then did not use the keyboard or a remote to navigate between slides. Even better, they actually hovered their cursor over an object that triggered a macro.

Well, if any person is capable of being so vulnerable–then they really don’t need PowerPoint to get trapped!

I am not saying that this problem does not exist, or it should be ignored. There’s one site that says, “You could also try to totally steer clear of PowerPoint files—some designers and businesspeople argue it’s a fundamentally flawed way to communicate, to begin with.

All I can say is that if you want people to not use PowerPoint, please find a better reason!

Now let’s talk about the Mouse Over option. Many people, even those who have used PowerPoint for years do not know about this Mouse Over option. To add a Mouse Over, follow these steps:

  1. You must first select any object. This can be text, a shape, a picture, or anything else.
  2. Now access the Insert tab of the Ribbon in newer versions of PowerPoint, and click the Action button.
  3. This will bring up the Action Settings dialog box. Select the Mouse Over tab shown in the screenshot below.

    PowerPoint Mouseover Malware

  4. Do you see the Run macro option? This option is the center-point of all this issue!

Disclaimer: Always be careful. The objective of this post is to keep you informed and aware so that you are not worried. But you must still be careful and make sure you do not click any option in PowerPoint or elsewhere without caution. Also, never open files from sources that you do not trust.

PowerPoint's Mouseover Malware Trojan Horse

Related Posts

Circle Illusion Animation in PowerPoint This story began with a message from my mother, who never uses PowerPoint. She innocently sent me a link to a video clip, which she thought would be s...
Timelines that are Different – 04 Creating timeline slides can be so much fun, not just because your options are so many—but also since each timeline is completely different from...
Add Circular Text to Target Diagrams (any Shape) i... Received a question from an Indezine reader: Can you help me? I have built a target diagram using your tutorial (Thank You for this). However, I now a...

Filed Under: Troubleshooting
Tagged as:

No Comments

Microsoft and the Office logo are trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries.

Plagiarism will be detected by Copyscape

© 2000-2017, Geetesh Bajaj - All rights reserved.

since November 02, 2000