On the eve of Microsoft's plans to fix a 2-month-old vulnerability affecting
Microsoft Excel, security experts warn that booby-trapped Excel documents are
circulating with malicious executables.
According to an alert issued by the United States Computer Emergency Readiness
Team, a malicious Trojan has been rigged into .xls files that are being
distributed via e-mail.
"Known file names for these attachments are OLYMPIC.XLS and SCHEDULE.XLS.
These files may also contain Windows binary executables that can compromise an
affected system," according to the
US-CERT warning.
Researchers at the SANS ISC (Internet Storm Center), a group that tracks
malicious Internet activity, have confirmed the latest attacks, which are
exploiting a known—and unpatched—vulnerability in Microsoft Office Excel 2003
Service Pack 2, Microsoft Office Excel Viewer 2003, Microsoft Office Excel
2002, Microsoft Office Excel 2000 and Microsoft Excel 2004 for Mac.
Who are the 15 most influential people in security? Find out here.
"We can confirm these attacks and have been tracking several exploits over
the last few days," said ISC incident handler Maarten Van Horenbeeck.
Van Horenbeeck said the exploits have been limited to a very specific targeted
attack and are not widespread.
"In total, we established approximately 21 reports of attacks using only
eight different files, from within the same two communities, so far," Van Horenbeeck said.
An examination of a sample Trojan shows that it opens a backdoor on a
compromised Windows computer and connects back to update-microsoft.kmip.net
(221.130.180.87) on port 80 to retrieve the IP address of the actual control
server.
Microsoft confirmed the vulnerability Jan. 15 and issued a
pre-patch advisory with workarounds for Excel users.
In the absence of a fix, US-CERT recommends the following:
- Do not open unsolicited or
untrusted e-mail messages.
- Use caution when opening
e-mail attachments.
- Block executable files and
unknown file types at the e-mail gateway.
- Install anti-virus software,
and keep its virus signature files up-to-date.
- Review the US-CERT Cyber
Security Tip - Using
Caution with Email Attachments.
Microsoft plans to
ship four "critical" bulletins March 11 with patches for multiple
vulnerabilities in its flagship Office desktop productivity suite.
According to the software vendor's advance notice mechanism, three of the
high-priority bulletins will cover holes in Microsoft Office while the fourth
will deal with issues in Microsoft Office Web components.
Affected software includes Microsoft Office 2000, Microsoft Office XP,
Microsoft Office 2003, Microsoft Excel, Microsoft Office Outlook and Microsoft
Office for Mac.
It is likely that this batch of patches will finally provide cover for the
Excel flaw that's being exploited with this latest round of exploits.
IT Security & Network Security News & Reviews News & Reviews 
