New Trojan Targets Unpatched Microsoft Excel Flaws

There's recent news afoot from a number of sources, including The Register about a Microsoft Excel Trojan.

Several versions of Excel are vulnerable to this particular bit of malware including:

Excel 2000

Excel 2002

Excel 2003

Excel 2007

Excel 2004/2008 for Mac

Excel Viewer

Excel Viewer 2003

How do you get this trojan

Since it takes advantage of a flaw in Excel (and the Excel viewer), all you need to do is open an Excel spreadsheet with a specially crafted spreadsheet. Once you open it, the trojan payload is instantly delivered to your system.

What's being done

As of this writing, Microsoft's official word on the Excel Vulnerability is,

"At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability."

The Microsoft Security Advisory goes on to say they've not yet decided to release a patch as a part of "Patch Tuesday", a service pack, or something "out-of-cycle."

As with any new virus, trojan, or other malware, we urge readers to make sure you're running current antivirus software and that your antivirus signatures are up to date.

If you're not sure if your antivirus software is up-to-snuff and does everything it should, we have a page to help you compare antivirus software.