1/17/2008

Microsoft Warns of Excel Zero-Day Attack

Filed under: — By Aviran Mordo @ 4:53 am

Redmond activates its security response process after learning of a zero-day attack against a new, undocumented Excel spreadsheet vulnerability.

A new, undocumented vulnerability in Microsoft’s Excel spreadsheet program is being used to launch computer attacks against specific targets, according to a warning from the software maker.

The vulnerability, rated “extremely critical” by Secunia, is being exploited to load a keylogger Trojan on select targets, according to an anti-virus analyst tracking the latest attack.

The attackers are using booby-trapped Excel documents, sent by e-mail to the target’s mailbox. If a rigged .xls document is launched, the exploit happens silently in the background, infecting the machine with a Trojan downloader that opens a backdoor and waits for instructions from a server controlled by the attacker.

 

Leave a Reply

You must have Javascript enabled in order to submit comments.

All fields are optional (except comment).
Some comments may be held for moderation (depends on spam filter) and not show up immediately.
Links will automatically get rel="nofollow" attribute to deter spammers.

Powered by WordPress