GCN Tech Blog

By GCN Staff

Blog archive

Microsoft Excel attack in the offing

Microsoft today confirmed a new hole in its widely used Excel spreadsheet program.

Security firm Secunia has reportedly been able to pinpoint the flaw on an updated Windows XP Service Pack 2 system with Microsoft Excel 2003 SP2. According to the firm, "This vulnerability is a so-called zero-day and is already being actively exploited....Don't open untrusted Excel documents."

Windows 95, Windows 98, Windows Me, Windows NT and Windows 2000 machines running Excel may also be at risk.

In Microsoft's Security Response Center blog, Microsoft Operations Manager Mike Reavey wrote, "In order for this attack to be carried out, a user must first open a malicious Excel document that is sent as an email attachment or otherwise provided to them by an attacker."

Symantec Corp. was reportedly first on the scene to spot the attack. In it, a Trojan horse called Trojan.Mdropper.j is transmitted in an Excel e-mail attachment with a name like "okN.xls."

eWeek describes the subsequent attack this way:

"When the Trojan is executed, it exploits the Excel flaw to drop and execute a second piece of malware called Downloader.Booli.A. It then silently closes Microsoft Excel, much like that way the Microsoft Word attack worked.

Downloader.Booli.A attempts to run Internet Explorer and inject its code into the browser to bypass firewalls. It then connects to a remote Web site hosted in Hong Kong to download another unknown file."


Major security companies have already added signatures to detect the attack, but users should beware.

Posted by Brad Grimes

Posted by Brad Grimes, Joab Jackson on Jun 16, 2006 at 9:39 AM


inside gcn

  • cloud services (jijomathaidesigners/Shutterstock.com)

    AWS GovCloud gets more enterprise services

Reader Comments

Tue, Apr 7, 2009 del_piero

For solve other problems with excel files advise try-http://www.recoverytoolbox.com/e DOT xcel_file_repair.html,as far as i know software is free,it repairing Excel files, except the possibility to export recovered data into a new Microsoft Excel file,repairing Microsoft Excel files,will learn more about this problem and about how to repair an Excel file,will learn more about this problem and about how to repair an Excel file.

Tue, Feb 17, 2009 mutu26

Heard about not bad program which works with excel files and possible more than-http://www.recoverytoolbox.com/e DOT xcel_unable_to_read_file.html,it is free,utility save important information,such as graphics,statistic and mathematics,program will help you to recover valuable information and avoid its losses,tool scans your broken worksheet,then gets the data from this document,will help you to repair damaged files in Microsoft Excel sheet recognizable format,repair file Excel this file is not in a recognizable format, Excel showing this file does not in a recognizable format, or Microsoft Excel worksheet this file is not in a recognizeable format, it is an Excel file error: data may have been lost: Microsoft Excel impossible read file,tool performs a scan of your corrupt excel files not recognizable format and attempts to recover all available data.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

resources

HTML - No Current Item Deck
  • Transforming Constituent Services with Business Process Management
  • Improving Performance in Hybrid Clouds
  • Data Center Consolidation & Energy Efficiency in Federal Facilities

More from 1105 Public Sector Media Group