GCN Tech Blog

By GCN Staff

Blog archive

Microsoft Excel attack in the offing

Microsoft today confirmed a new hole in its widely used Excel spreadsheet program.

Security firm Secunia has reportedly been able to pinpoint the flaw on an updated Windows XP Service Pack 2 system with Microsoft Excel 2003 SP2. According to the firm, "This vulnerability is a so-called zero-day and is already being actively exploited....Don't open untrusted Excel documents."

Windows 95, Windows 98, Windows Me, Windows NT and Windows 2000 machines running Excel may also be at risk.

In Microsoft's Security Response Center blog, Microsoft Operations Manager Mike Reavey wrote, "In order for this attack to be carried out, a user must first open a malicious Excel document that is sent as an email attachment or otherwise provided to them by an attacker."

Symantec Corp. was reportedly first on the scene to spot the attack. In it, a Trojan horse called Trojan.Mdropper.j is transmitted in an Excel e-mail attachment with a name like "okN.xls."

eWeek describes the subsequent attack this way:

"When the Trojan is executed, it exploits the Excel flaw to drop and execute a second piece of malware called Downloader.Booli.A. It then silently closes Microsoft Excel, much like that way the Microsoft Word attack worked.

Downloader.Booli.A attempts to run Internet Explorer and inject its code into the browser to bypass firewalls. It then connects to a remote Web site hosted in Hong Kong to download another unknown file."


Major security companies have already added signatures to detect the attack, but users should beware.

Posted by Brad Grimes

Posted by Brad Grimes, Joab Jackson on Jun 16, 2006 at 9:39 AM


Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.