New Excel Trojan Hits the Net
Tuesday February 24, 2009 at 10:06 am CST
Posted by Shinsuke Honjo, Geok Meng Ong
– Update Feb 24, 10:15 PDT –
Microsoft has released a security advisory for this issue (CVE-2009-0238):
http://www.microsoft.com/technet/security/advisory/968272.mspx
Many versions of Excel are vulnerable, including 2000, 2002, 2003, 2007, 2004/2008 for Mac, Excel Viewer/Excel Viewer 2003.
 –
A Trojan exploiting an unpatched Microsoft Excel vulnerability has been reported from the field. McAfee Avert Labs has confirmed that Microsoft Excel 2007 and 2003 are affected. Other versions may also be impacted.
McAfee DAT files identify known malicious Excel spreadsheet files as Exploit-MSExcel.r Trojan, and dropped files as BackDoor-DUE Trojan in the 5534 DATs.
As with the initial Exploit-PDF.i threat, current attacks are very targeted and limited. When succesfull, it installs a backdoor that attempts to connect a remote site port 80 and waits for commands.
The mitigation for this infection is to block unknown TCP connections. However, one of the best protection methods is to remain vigilant against Excel files from untrusted sources or sent at an unexpected time until a security update is available.
February 25th, 2009 at 08:02
How does this Trojan present itself?
My daughter was using Excel for a lab report and could not save the file because her Mac claimed that there wasn’t room on her HD; she clicked on the HD and had 8 GB. She tried to put it in a new file and, also, save it to a thumb drive… always getting not enough room on the drive.
Jim
February 27th, 2009 at 03:10
[...] New Excel Trojan Hits the Net (VÃa The [...]
February 27th, 2009 at 10:44
[...] Fuente: McAfee [...]
April 3rd, 2009 at 01:43
[...] We’ve just seen the Microsoft Excel 0-day attacks in February. Today, Microsoft published a new Security Advisory reporting in-the-wild attacks [...]