FYI...Active exploitation of Excel vuln
Last Updated: 2008-03-10 23:52:52 UTC - "...We can confirm these attacks and have been tracking several exploits over the last few days. It should be noted that the incidents we are aware of have been limited to a very specific targeted attack and were not widespread. In total, we established approximately 21 reports of attacks using only 8 different files, from within the same two communities, so far... some of the signatures we know of that catch iterations of these attacks. Note that some are relatively generic and catch multiple other exploits as well... Trojan-Dropper.MSExcel.Agent ...We are aware that some of the samples connect back to update-microsoft.kmip.net
(220.127.116.11) on port 80, to retrieve the IP address of the actual control server."