News: Cexx forums, with volunteers dedicated to helping you remove malware and stay protected
 
Topic: Olympic SPAM carries malicious Excel attachments
« on: March 10, 2008, 01:26:41 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8402



FYI...

- http://blog.trendmicro.com/olympic-fans-may-fall-for-unpatched-ms-excel-vuln/
March 9, 2008 - "XLS files specially designed to exploit a currently unpatched vulnerability in Microsoft Excel (identified as CVE-2008-0081) are reportedly being sent as email attachments in the wild. The attachments, which arrive either as OLYMPIC.XLS or SCHEDULE.XLS are capable of dropping and executing Windows binary executables. This Trojan also drops a non-malicious Excel file and opens it upon execution to trick the user that it is the attached Excel file... Both OLYMPIC.XLS and SCHEDULE.XLS are observed to use similar exploit templates and even allow malware writers to customize the exploit to perform other routines... malware authors are using this window of opportunity to infect a large number of computers. More information on this exploit can be found on this Microsoft Security Advisory*. Trend Micro advises users to be wary of opening unsolicited email messages, much more of files attached to them..."

(Screenshots available at the URL above.)

* http://www.microsoft.com/technet/security/advisory/947563.mspx
January 16, 2008

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0081
Last revised: 1/17/2008

 Shocked

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #1 on: March 11, 2008, 02:45:15 »
AplusWebMaster Offline

FYI...

Active exploitation of Excel vuln
- http://isc.sans.org/diary.html?storyid=4117
Last Updated: 2008-03-10 23:52:52 UTC - "...We can confirm these attacks and have been tracking several exploits over the last few days. It should be noted that the incidents we are aware of have been limited to a very specific targeted attack and were not widespread. In total, we established approximately 21 reports of attacks using only 8 different files, from within the same two communities, so far... some of the signatures we know of that catch iterations of these attacks. Note that some are relatively generic and catch multiple other exploits as well... Trojan-Dropper.MSExcel.Agent ...We are aware that some of the samples connect back to update-microsoft.kmip.net (221.130.180.87) on port 80, to retrieve the IP address of the actual control server."

> http://www.us-cert.gov/current/#trojan_exploiting_microsoft_excel_vulnerability

 Shocked Shocked
« Last Edit: March 11, 2008, 03:52:08 by AplusWebMaster »

« Reply #2 on: March 11, 2008, 11:36:47 »
AplusWebMaster Offline

FYI...

Microsoft Security Advisory (947563)
Vulnerability in Microsoft Excel Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/947563.mspx
Updated: March 11, 2008 - "...We have issued MS08-014* to address this issue..."
* http://www.microsoft.com/technet/security/Bulletin/MS08-014.mspx

  Exclamation
« Last Edit: March 11, 2008, 11:51:49 by AplusWebMaster »