PowerPoint’s Mouseover Malware Trojan Horse

Tuesday, June 13, 2017
posted by Geetesh Bajaj at 11:03 AM IST



Trend Micro released a comprehensive blog post that talks about a trojan horse malware triggered by PowerPoint’s Mouse-Over action setting. This action setting can run a PowerPoint macro.

OK, this is not as bad as it may sound. Why? I can think of three good reasons:

  1. First, PowerPoint will not let any presentation that you receive run at all. Such presentations typically run in Protected Mode. This mode shows a strip below your PowerPoint Ribbon that has a large Enable button. You must press this Enable button for your presentation to run any macros, or even be editable in the first place.
  2. Secondly, most new versions of PowerPoint since Office 2007 only allow macros in special PPTM files. So your regular PPTX files have no macros to run at all. And yes, that means you must be running a very old version of PowerPoint, such as PowerPoint 2003 to end up running a macro in a typical PowerPoint file.
  3. Let us now imagine that someone was foolish enough to run a file that they did not recognize. Then they were ready to click that Enable button. And then they also played the presentation. They then did not use the keyboard or a remote to navigate between slides. Even better, they actually hovered their cursor over an object that triggered a macro.

Well, if any person is capable of being so vulnerable–then they really don’t need PowerPoint to get trapped!

I am not saying that this problem does not exist, or it should be ignored. There’s one site that says, “You could also try to totally steer clear of PowerPoint files—some designers and businesspeople argue it’s a fundamentally flawed way to communicate, to begin with.

All I can say is that if you want people to not use PowerPoint, please find a better reason!

Now let’s talk about the Mouse Over option. Many people, even those who have used PowerPoint for years do not know about this Mouse Over option. To add a Mouse Over, follow these steps:

  1. You must first select any object. This can be text, a shape, a picture, or anything else.
  2. Now access the Insert tab of the Ribbon in newer versions of PowerPoint, and click the Action button.
  3. This will bring up the Action Settings dialog box. Select the Mouse Over tab shown in the screenshot below.

    PowerPoint Mouseover Malware

  4. Do you see the Run macro option? This option is the center-point of all this issue!

Disclaimer: Always be careful. The objective of this post is to keep you informed and aware so that you are not worried. But you must still be careful and make sure you do not click any option in PowerPoint or elsewhere without caution. Also, never open files from sources that you do not trust.

PowerPoint's Mouseover Malware Trojan Horse

Filed Under: Troubleshooting
Tagged as:

No Comments

Microsoft and the Office logo are trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries.

Plagiarism will be detected by Copyscape

© 2000-2017, Geetesh Bajaj - All rights reserved.

since November 02, 2000