New Trojan Targets Unpatched Microsoft Excel Flaws

« Conficker Worm Technical Analysis | Main | Microsoft Not Patching Excel Security Flaw »


New Trojan Targets Unpatched Microsoft Excel Flaws

Kevin R. Smith

There's recent news afoot from a number of sources, including The Register about a Microsoft Excel Trojan.

Several versions of Excel are vulnerable to this particular bit of malware including:

  • Excel 2000
  • Excel 2002
  • Excel 2003
  • Excel 2007
  • Excel 2004/2008 for Mac
  • Excel Viewer
  • Excel Viewer 2003
  • How do you get this trojan

    Since it takes advantage of a flaw in Excel (and the Excel viewer), all you need to do is open an Excel spreadsheet with a specially crafted spreadsheet. Once you open it, the trojan payload is instantly delivered to your system.

    What's being done

    As of this writing, Microsoft's official word on the Excel Vulnerability is,

    "At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability."

    The Microsoft Security Advisory goes on to say they've not yet decided to release a patch as a part of "Patch Tuesday", a service pack, or something "out-of-cycle."

    As with any new virus, trojan, or other malware, we urge readers to make sure you're running current antivirus software and that your antivirus signatures are up to date.

    If you're not sure if your antivirus software is up-to-snuff and does everything it should, we have a page to help you compare antivirus software.


    TrackBack URL for this entry:

    Listed below are links to weblogs that reference New Trojan Targets Unpatched Microsoft Excel Flaws :


    You can follow this conversation by subscribing to the comment feed for this post.

    The comments to this entry are closed.