|
|
|
Microsoft Confirms Excel Zero-Day Attack Under Way
By: Ryan Naraine
2006-06-16
Article Rating: / 0
There are 0 user comments on this Network Security & Hardware story.
The software maker activates its security response process after learning that a Windows customer is the target of an attack against a new, undocumented Excel spreadsheet vulnerability.Microsoft June 15 confirmed that a new, undocumented flaw in its widely used Excel spreadsheet program was being used in an attack against an unnamed target.
The companys warning comes less than a month after a code-execution hole in Microsoft Word was exploited in what is described as a "super, super targeted attack" against business interests overseas.
The back-to-back zero-day attacks closely resemble each other and suggest that well-organized criminals are conducting corporate espionage using critical flaws purchased from underground hackers.
In an entry posted to the MSRC (Microsoft Security Response Center) blog, Microsoft Operations Manager Mike Reavey said the company is investigating "a single report from a customer being impacted" by the latest attack.
"Heres what we know: In order for this attack to be carried out, a user must first open a malicious Excel document that is sent as an email attachment or otherwise provided to them by an attacker," Reavey said.
"Remember remember to be very careful opening unsolicited attachments from both known and unknown sources," he added.
Microsoft has activated its security response process, which means a formal security advisory will be issued within 24 hours to suggest mitigation guidance and possible pre-patch workarounds.
"Weve got the Office team engaged of course, and they are hard at work investigating the vulnerability," Reavey said.
According to security alerts aggregator Secunia, the Excel flaw has been confirmed on a fully updated Windows XP SP (Service Pack) 2 system with Microsoft Excel 2003 SP2.
Anti-virus vendor Symantec said Windows 95, Windows 98, Windows Me, Windows NT and Windows 2000 computers are also at risk.
Symantec was the first to raise a red flag about the attack, which includes the use of a Trojan horse program called Trojan.Mdropper.J.
The Trojan arrives as a Microsoft Excel file attachment to a spoofed e-mail with the following name: "okN.xls."
When the Trojan is executed, it exploits the Excel flaw to drop and execute a second piece of malware called Downloader.Booli.A. It then silently closes Microsoft Excel, much like that way the Microsoft Word attack worked.
Downloader.Booli.A attempts to run Internet Explorer and inject its code into the browser to bypass firewalls. It then connects to a remote Web site hosted in Hong Kong to download another unknown file.
Symantec, McAfee and others have added signature detections to remove malicious software that attempts to exploit the vulnerability. Microsofts Windows Live Safety Center has also been updated, but security experts say the attack can easily be modified to bypass signatures.
 Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
|
|
�������x}kw89�v2��zۑrdK5-ؓݣC6ErHʏΟ_߸U�҃HMmK�X@�
B�;;~$riOșc-Jvg1ȣ&w$5vv~]�4i=*_rdx�9%GFԲ|W��軫�F]̉]ύ�P/�?`���᳑(,�Q � tjGt0]2d�Ե;s6!7LP_ƾQ/?1ǻ
�Lbh�q٤XC#�: rWü%~`zN<>Q�Ѻ�8>YQ�w,8 a}c�$B �g&�tob�Q�>)*X^P~�D;ǎ5~{N��?0/Pcw��0}�rF7@Sѡ*v�25v+n
�/�@^��c\ȁLnh�=�T͝�L=iT�VE��;&�3ÝtXF?D���#r<�r@J�53g�=SےO=s��빎;�5H��`��YT4ne$DJH�n6�,!\�G-%0/`=2}h���:a;6]�Uh?AWuomzV�un&3}27 p%X䄍ER6'�>6O)�|@�ɠ#�ӱCԣz�/˺79h#�m�#@SKVUBX)ځ^rww3mù-Ӟߛ89n~ߌ돿NiR;wN.r$�(�p
mKIu]+h5�e=US�^_�wD_*�0QI-�Y|/�Z@GS�::yXB^�,9ϑ\R�yǛK�a(�7F`X@7�? iP2|�q*� ߱n^S;G�7ۯZx۬)
��r�
tKs;�n�ZK}0�[=RFp�\� Д��a�Cx`Ma�b&DJH7�єy�e��$�}ВEtBAͨ8
.)J�!"xV3ˌE�!\J��!=!
g�|��8Jn.b?G�_5
.�awWʲ9QY�+K\M�ޢG��\z�cO�feEz�^�?{6LqJ�j�p�X.B2iKB0NqjꛛZ\MfzP���b�(7Z`Lm�,��5,L�tϭ y0�`�h��vz3�Ϩagnۉ9~��t$�AG66^lzK�$�
,70}HOQI�4�X8=�c�O�v�/|�\aP���n=D�5��i��-DCw
0Ie&3 yK��Νdrk�o͠~�(wEP�>X^0 vjq.Hp�yY?9���d}
�wA�,�߽9�#z[MK��x�G�zR�P|'sZ(�w^`��{"�� E�EK�y3@� $h�5�a��z����>�
�ŊI^KH�X-�Vpp�(6ݞ�H:u&@-KEs㙰TL٣XB�Y�X/_��23CCɴh4Z�*ȉ#�m"0�%X����
-gZ
X�k5Ʋ
f�hZ\O�4MhȄ%�b�i]y�e&,`b� HK��%\Ew,[t�3�Asp=7�c@C�ys[J�z0aEiŬ9g߃)9���i`(^HIRЙj!@�9z٧l�)�?ΖuV�kͲG{_�No6�Ҟy4�m�
{g�@xC� dlK/,:�+c:JK�_ji��hH*6�@\X1,#��%>D!1~h�/a2(%m;@=pl=50_ܰ큡�jrAڿ�Ȕen1UKU9,Wfn
����(��Ő`�AE}a�&�ʥ
Ë�;r\�c3s=#S=`sq˱3 �m0T�ϣ(a!��w1
Z�JkX�"lM
M=t�%\�4(e\�8��XbO`�\F�Czn/.�K�q{y]ؕΛRT�||n�N �>v?|4'Z>�plZ`/R7uk#�R��XO%}�T5&C�l
�ԑq,�Y�X�Tر,.0}6u(MEZ"g=��GN4uD86[-OAE-��4$qx3??uPV��&<�[?w�sz�>UF�=.3�$#�о'hʰe�h8`Zzq&�$KD(�Oܥx&\3atS�M副3ۊ��h0Aq�_8R"X @548�~�x�} *��O$B\��-�-UŨN=I��=�7`q0$zc�K&��GGs�ݧ==1g��匬3� � d�VB�S{�ZYUKZTp~W`s�ϏyO�?�"5t�8��x_ℯ?�p˻Su??�
L4�/�Vj�zM͠G�>sn���,�|rqZE�L�[v�O`��cV av5 1;���>U�kJ?C2By^�YhwrR"
QppgՃ)�u;ufv�9A�#]#@$72]�r�A
�XQj0q9'&
B1&GJF�g%:��!pwC*2#Xݘ
`��1}j$�a��!L`wf0%�+
#mqJs�8- uW:'sjZS��Z+�::>j��nM�=�=��K�$*�X�#� 4k
0�Y[�⺪TjՂʾ_XN+^�>
(��Lu0Ȑ�%=�GlThO.1�Um$�R*C01^�*== 7S_ �-ʖ~kѲ��ՆgQyϤͳp[> |d9s#Oq釛L+ S0�sI�l
x@̬kGj1m9�7a~���4��('cjZ)��`,fqNg�GA:�lCs0X3f~Wk*��kt?y{��z�&��w�ܕ[0A^�c�C-oc�d��.ō�fπïdž�
mԚ�VNM&�Vi
VZ�[�zGd!9�zB$>�s/OR-4SK8�n�7=R.��R
2=ct�89e}̭�67OUU�NS;:9&_P@ZhO��\ k8spIY>��2I*"E�eB�8NY�H�XL*r_���kRU� 4DB.(��}r'nP�zQrZ%:�j}$c�P�U]|T&#UX)TԒP?YTAtyU!n?mVPVW`Zd&s�ڜ%\{s��i0o(Qr�3["X6DД�7Ϩ��3�Rb��
kQh#e[��,q/�7:���?�ٿ:N|00�vI?�0WKο�H�LЇ_y}R: j%uΚ�lb8�}�L@IP
��4p= i�COՓ"ju?H�m}�#8�-�d�D4|w�ιQ{ɏ�y[J:^��9 �!5O;�Y�F�^9:m7/�O�M1k�0fhR`Q��fjmX#�h^��6�"B�@�˸t/[K,�8�;XKr!�}&�=C٠<��E?eVxy�_aݪ�,d"0�.&��Wtv}��E9����ǀzB�*�.N#i%LB�(�
�`E/Щ
cA�HF�rI'zRG�>egQə�π/PI�S�):�*9Q{_akѷo9Aߐ>O1Okw�tE�p[(k��hL�VbsZ;չ"=B2�^'68�O;=h)9��H�BFE/p�ǻ��"T} zOaP;DZ3pu*h�hw-�gSsS)�d�AGJ脊fye5))eH5NR�MLC]�OC/�%$�;�kB:zs �gaM�6mn3�jt>l6D20�&@v�\f0Ӑ`�q��5OÉ@P� V�-�QגZ4ҫoeW!9�
��|@�s`#�~�zv`�5g3
\cA�)cn
��~U��ު.9G�q\x,3u6,�ɺ,�(^)U&En�c;˟|̎?�KK]��JvG]<-f~e��0��&NG;:��`<�'JHzgL�j���F_fTǑbA_/CF#"��a+^j13�Ef�تPc5G+=sb+e䐖c
!%:i��L�$sRݳɉs��I @b�-�-:nU~e戟㜏�/�,u|I-D=wv�?=y�Kb:Z-�oQw`'`q@܂_��ו�n��dB}t,8[P� gY$9lBg!�:YQm4'1bB:Ä~q��]]�e^�60U�-�bk! &0�.��ß3�mpe��}_�v�b�cYf�j1v\���ck��ܛIf�+qJM;�+dij&�(%KR$�]q"q�/.+q�=tPnA�%�v`ZޔZ-Nd9��g3^�Zs"-S H\$[J.f9��xH<>�b�0ZnQ/�yמĩ���
��1\E�]+%U+�j�|Q,~4,^6o[6�d�#�K+>�xő#ZPS/�7��1�lJi�ԛ>a
3㻴�yq�Ќ,,̲ Ͽ^Y}?�+ �[tx7:S~(b��t�'�pNج&�(a@.B�.A$�w!]"J�=��H�d
�I6Ӡ+˗�
.m�/KZ{�mYe���� a�I� A|�H�f�'TKO$L/,S�'g�[j7xzFSpI�bD0H"$Xv?rc>һ�M--N�+(�egAl*s����igcmlXq,́�7:p��,b�$}��v�\�ģ�{68u&ΠRJ\`[v;�0
~IO�6#/Iz�˓f(q�W?ʤoKf�JeUq<�\����xmM~
QjL=6۬7oǜ:vj}m�嵙=m{{�7i�/`�W۰:pX�Eɡw�0m-m,љsKs*eX
-}-%�[[͆S=�[�3з� �ƗY'dk
[IHg�c;Wp
8c[Y@7i:�
,��#%]�D�.ޮcbn�>&:F�?�p髆H!��'�[ȗy�0X�'Iӈat��mb�%1Y~�Gj���OQ5i[.sFG�PC��7n�!d9o<1cT<y| [D��1pSo\x?��*Oǝ@ ]r�g@~��bZsʉmOѵZxMEq`n5BX�C{$&��|q�CvH
rซذxj~�r,z��wk>�$V8E =)96ia?`ؕĠ�AI��B4즢�w�ĸW\�n"9wI‛X�WW�kEa+� ,��f"�Y�"�'"�KIE�/]^|�5�~8�.
dБ�y���^Pl&vn-�f��\95�͂E�/
tM��c%5S(5ub?=G/ttAk-c"]J1xy��[M̀+5fL6P;qU6'�a2�֢@O�
eˡW�qb\o6�j�8 FgJ�K$h�Y�п���{{i/1�~H+k6&<0"yюMUbtM-R^@~j�4Z�oMϱ/;OļX\sn0��a1,9+iZ`3+nslKZIȶ8+il�wAQg)q8�@�ȉn붩���eсHz.�:N#�e#Q�^߈�fZd#nO5�0儔7�JzN[E�
4&�{ud�)W'���n�YVmIr .�kh�>a${ݳO�R(kUeAb+;Y�!kb��^;ҁ�W+qܖtb,��,�Q:�o�I XPp��MA+WTD~�N�d�>�M��x\Hґu
/`�< z̥7f{@r
�q�,��Ye)+�փފ> rF@Yj$1G���P5�6�:i�)9o_N~��V�=�g`
Xț�\@S 죋BJ
>^N4�? <8$�EuE)�d; wMy��M�x>�h�c>zS?�!ᘭ#!+^�bΑfB(ͨxySjJ�z#;�'p�p�\`sr@K4L*2&�B�s�8���翛{__/{=&n%[ր ၰ
�5"���L�$]Pa�c�tkȚ�1;|={0d({\u;�LQZj��*�!b3wأ4ϓ �}�H-�0�gF1vqY�@��y#��LL�݂zĂG�(�^bJ ͍$�u�~;�w0��u|�`EP00��aLn3 MqW�NgCj9~`�`n�\�ovN���+'��P=:ςؽx1s!aZ;<:Q���B�<䱤�Pl�<'��JHLo6��29((��
�@Ka1c�~PoVR$4
>�(�>g�ٕa)豪�7)^Y�;ee�=M蕴B��^��Șq�/Y�o?#�&O=lFLn�r5��q4eMz�{G~{N�ۧk<�m[8j?V9>�u/>�w�~qlz0�c~lT_d�_T
ΓQ�9>o283ޢksYx�9%�i�*w�8l�G�IwPJTٌ/!j�bTթ4�W?fz
eӲ�p�:ϏПxu3�K_M�9FyS�A^�^ZA
'M&7�b�Q>m�Ik&5+<�v<(��3_3/r}Q�8QޅnF9rz}y�hjg�Acq�}>@?d'(kt֗wZFQ�d�3r'�{^Fg(�fٮq1>gY�g�,�>,g@��g��e�Y�g~�W�'P~Q7([F�eg9yg_��O7CtAt3�E�\��_�\fO�e�{���c}'O�u�WYU�~W@�]CuV9u�^C�_�]g_ry�ʛ�rּ)��aFy)8R�E�rXB�gנ{'sg#�Q\W�KM0TntEճKL7cn%:@b�a/!
c|U$X2M*>#(���^>&c����˼$=)>w�槤I��xմ] &JRo-cENj9.~QJxdB$d�3-F�Dka@D1�K�AF0_w��Q2��L��xĻO�%��ݞ܃�~��n��7�}Fz�n��_�x�`:
~iMnڧ.[Dpqk;ُϋGkw�Օ�Ɗ |3O߆z��I�'<+;u�>��x�P�[ЙqeqޢD�)�F�yk@�x7�r�܌��u>赏>]v�ҾP�`24UJ`
�z!�J1
�4c֭dKb(�p
E���У���Ș˘V͛YȌ�N�#^"_�v3:mc�(2��)��b��b�;ˈT`T|Jx �ofq9����|L:AÆ�^Ėٵv"nyhp�䓿
t89ti[Ìs,�i܂z3y2MV=�ȾwF=C_L#x
uYtax~�p�7t�ds�9�^��o��p=� }܆`:}��i#�x�n'QgqM
H@f�]�Me~gZgGОf@L��V8.>�/Ӄ4b�5V$1x_%05:�%�xl�Ӎ�Qf���r{^f$�W"nrG37$��\�ؓJq}�lHpzusʱ
E9�a类nǝ)Z;Dœj@@rĶ� o�ckʤ3Idi���b0O|e'0O�2#0' MĮ+faY0}g�iٽ ]�='��̄0Qxi^|/}T.q
5sE�Eב�E,&J �
B8Ʉй;6M(F��9ao5RFXk[MA�c>;ulȮ�9\7�AU0D00�Y��~l+>AՋp`Hz�B�X�t(n�hD,D*�9"[�o�%�P�@EikA/?tI3ۉd&%�}YQ ��v.ycьU%�$t|1(H@%Gb9G8]!
""_Sr0XP�y74<�p2�I>01n�9��[T:�9����Am'{Ǧ#�U|ٲsg1cbV!qme�F�ӧWK�e[� ��O"+!MX���o�[Oulם8E�
P��1қv,jL_��ԕU`7g#�~"�3V���œA6p8M�!(_Gْk0�=u�}^nT "+1��<&`#��]��&�\f��\j_fL�.�ѮBTvbbq�Y;g;kMN�lZt�ȡ(�l}�j��͜GԋOg0xeҕhOɬnq;�Z?] m-1+$~Il=du�-W�rcd+�{f�:ePFEX�l+�!R=+�K�ei$Vi.Htz8uF얢U��.nD���{z��w1Ǹ[�0tczc�Ƌ�Rd�GB~Dda��gZ-*?҂g'�Q\�F$30(�y��lH�K9��m5'0X�1'(��N�R�Qf7}`�N*)As�a#Dl���[ApV�=\89z0#Er�,�e���Z,aZ!%ӫrX�ul�#�"|fna*�H���],M��c|R�c9zbf�r癰�W`0M�Z�.<�ȳ�(`,��Lv"V�KjMΡmdqR!*a�cT 1L(�_W,R�Y��דWv!;�Zq�|��E>�WNENE<<�Sf}')VSL_Xџ�_<|ړT+w\�ƕy@Xqө8Yo?.ɛw�By=Kͳ}�RIg趾�V�;~v��?;u~m a�%
ѨT\��_;�N+�,�Z膗�6>~~:oIaE�e遢%!t/[4��!ջhZ�ɊxYο`(X��E�Ch�⍿c01�4ߛiUU�A$摭7yE1�um*�.yg;a+b(16lS24K�_hjVJl�xTɉY+z[q;�f[hh
/b�;f�1Բ�Lz(��
|
Network Security & Hardware 
