back to article The ULTIMATE CRUELTY: Sandworm uses PowerPoint against Swiss bank customers

The Sandworm vulnerability is being actively abused to attack Swiss banking customers, Danish security consultancy CSIS has warned. CSIS reports that the attacks are pushing the latest version of the Dyre banking trojan. Attacks arrive as spam emails under the guise of information about unpaid invoices. In reality the …

  1. Buzzword

    Olé olé olé

    "Object Linking and Embedding (OLE) object technology is used to share data between applications so that a chart from an Excel Spreadsheet can be included within a PowerPoint presentation, for example."

    We're tech readers, not Daily Mail readers. Give us some credit.

    1. Anonymous Coward
      Anonymous Coward

      Re: Olé olé olé

      Have you not read the majority of the comments that commentards post in the forums? I am surprised El Reg didn't explain what a spreadsheet is...

    2. tony2heads

      Re: Olé olé olé

      I never saw any good justification for OLE in Powerpoint. Surely an image of the spreadsheet (maybe JPEG or PNG) would be fine. I have never seen anyone use a spreadsheet to actually calculate anything inside a powerpoint presentation.

      1. Captain Scarlet Silver badge

        Re: Olé olé olé

        Dear lord no, the amount of times someone wants to modify text on an image they have is rather annoying. Almost as bad as people making you have to click something on a slide to make a video play (JUST SET IT TO AUTOPLAY >_<).

      2. Ralara

        Re: Olé olé olé

        Not necessarily to calculate stuff from the presentation itself but we've had status boards on plasma TVs which flip between powerpoint slides which use OLE to have some graphs / data change as the spreadsheets themselves change - allowing for "live" data, as long as you refresh the powerpoint every day or so.

        Clunky but some companies don't have budgets :(

    3. Field Marshal Von Krakenfart
      Headmaster

      Re: Olé olé olé

      We're not all tech readers here, I've seen my PHB looking at elReg

  2. Alister Silver badge
    Mushroom

    Oh My Gods, NO!

    Not Power Point!

    It should be banned by the Geneva Convention as a "cruel and unusual punishment"

    1. mdava

      I recently read a novel called The Weirdness, in which the devil made all of his proposals by means of PowerPoint presentations. Which sounded about right to me.

    2. Solmyr ibn Wali Barad

      Indeed. If email admins were to, completely accidentally of course, redirect all PowerPoint files to the spam folder, it would be a giant leap for the mankind.

      Sure there would be complaints, but there are well-established answers to them. Sysadmin standard answer #112 (Well, it works for me) for one. Flip the bloody excuse card, you bastard!

      1. Peter2 Silver badge

        Yes. The problem is that the ones that have been bombarding my organisation over the last 2 days are word documents though, and while I can get away with dropping emails containing .ppt files, along with .exe, .bat and anything else vaguely dangerous I can't sensibly lose drop word docs. If I could get away with dropping excel, word and adobe files then i'd cheerfully do it since by volume most of them are virus ridden.

        I ran a blatant virus through jottiscan earlier today and no AV picked up anything. That leaves relying on the users and hoping that when if they open a file that EMET5 prevents it from doing anything nasty.

  3. Caff

    irony

    It would be ironic if one of the emails contained a powerpoint presentation about cyber security threat of sandworm itself

  4. ecofeco Silver badge

    What a coincidence for the day

    Dilbert cartoon today. Some of you may get it.

    http://www.dilbert.com/strips/

  5. Al fazed
    WTF?

    Aghast

    that microsoft are still "allowed" to sell Operating System software to anyone, even more so that governmints and other supposedly responsible/intelligent organisations like banks, are still buying Microsoft Operating systems, er sorry, software of any description made by Microshaft. Swiss cheese was the term used in the 90's to describe Microshite software and that hasn't changed, in fact it's got even more bloated and has as a consequence, even more holes. Isn't it about time they tried to make their softwarts a little harder ?

    Surely these types of vulnerabilities were recognised and mitigated against way back in Windows 98 when MS first got into delivering networking capabilities (and mass sharing of all your files) out of the box.

    How many more times are Microsoft going to be allowed to con end users into buying and installing some NEW "shite" that really should have had all this crappyness fixed BEFORE the OS was released to the general public.

    FUCK governmints and military shitheads, they get all they deserve the arrogant pricks.

    But stupid money bearing NEW end users come along in droves every few minutes wanting a point and click world, so at this rate, there'll never be an end to this sort of malarchy, oh, sorry meant anarchy. Any attempts to run a country or a bank, etc using these softturds is just a fucking joke, always will be.

    And Caveat Emptor is dragged out yet again. (maybe 'cos it's Latin that uneducated end users haven't got this one yet, but banks should have !)

    ALF

    1. Anonymous Coward
      Anonymous Coward

      Re: Aghast

      If Linux was 90% marketshare do you think holes would not be found in it?

    2. Hans 1 Silver badge
      Windows

      Re: Aghast

      >But stupid money bearing NEW end users come along in droves every few minutes wanting a point and click world, so at this rate, there'll never be an end to this sort of malarchy, oh, sorry meant anarchy. Any attempts to run a country or a bank, etc using these softturds is just a fucking joke, always will be.

      There are point and click environments out there that do not have these kinds of problems, thought I would let you know ... I upvoted, though, the rest is ok, imho.

  6. Stevie Silver badge

    Bah!

    I love Friday Morning Hyperbole. "Weaponized" software, and Powerpoint as Satan Made Manifest.

    Over yourselves you must get.

    But OLE in PowerPoint was always a bit silly. I put it down to Casio Design Methodology: If it can be put on the chip, or if it happens as a side effect of something else we want, stick it in the manual as a feature and see how many people use it.

    Hence pocket calculators with biorhythm figurer-outerers and tone generators result in today's inexpensive keyboard and synth market.

    What's needed is a bit of culling.

    But I won't agree that PowerPoint is bad per se because it once helped me get across a point to a point-resistant crowd. I was desperate for a new way to explain the issue before they simply cancelled our contract, and poking around in my company-supplied laptop on what might well have been my last flight to that customer revealed powerpoint, which I had never seen in my life (this was 1996). Two hours of in-flight self-education while working later and I had the contract-saver all done.

    1. Hans 1 Silver badge
      Boffin

      Re: Bah!

      You know what, I am a trained trainer ... and powerpoint sucks dicks to get a point across ... unless you have a bunch of numpties in front of you who will appreciate the prowess to have managed four different font colors on a single line ...

      Seriously, though, a whiteboard does the trick much better, you do need to know how to entertain and draw, though ... PowerPoint, Impress, KeyNote is for the rest.

      KeyNote beats PowerPoint hands down on `wow factor` ...

  7. gollux

    Death by Powerpoint - heh, hehheh, hehh...

    From all of us who've dealt with zombification by bullet point slide and an uninspired reader of said slides who purports to be giving an informational presentation.

    'Bout time.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019