A new zero-day vulnerability in Microsoft Excel has come to light that is actively being leveraged by attackers to compromise systems.
The attack is launched when a user opens an infected Excel attachment in an e-mail or a document posted on a website, and doesn't require any user interaction beyond opening the infected document, according to Oliver Friedrichs, director of emerging technologies in Symantec's Security Response division.
When activated, Trojan.Mdropper.J drops a downloader application called Downloader.Booli.A on the user's PC, which in turn attempts to download a file from a website in Hong Kong. This final stage fails because the website is no longer online, said Friedrichs.
According to the SANS Internet Storm Center, when Downloader.Booli.A is executed, it attempts to run Internet Explorer and injects its code in an attempt to circumvent firewalls, tries to download the file from the website, and if the download is successful, saves the file as "c:\temp.exe" and then creates an empty file called "c:\bool.ini" before exiting.
Although the flaw is actively being leveraged by attackers to compromise systems, Friedrichs says Symantec has only seen it being exploited in isolated cases. "It is by no means a widespread exploit," he noted. However, users will still have the Trojan code sitting on their system, he added.
Symantec classified the threat level as a category 1, the lowest on its 5-level scale. But Friedrichs believes these types of threats are concerning because zero-day vulnerabilities are a fast-growing trend.
"One thing we are seeing is an entire economy being built around the sale and purchase of vulnerability information, driven by the fact that more attacks are financially motivated," Friedrichs said.
Microsoft has activated its security response process and added detection to Windows Live Safety Center to allow for removal of malicious software that attempts to exploit the Excel vulnerability, according to a post on Microsoft's Security Response Center Blog.
