NEWS FROM THE LAB - Thursday, June 24, 2010

Targeted Attacks with Excel Files

Posted by Mikko @ 10:56 GMT

We've previously shown screenshots of document files used in targeted espionage attacks. Most often, those have been PDF files, as PDF is the most commonly used file type in such attacks.

But here's a fresh set of attacks done with XLS files instead.

This is some sort of personnel list. Like the other examples here, it drops and runs a backdoor when viewed.

[Screenshot: targeted attack XLS file]

An apparent agenda. Looks fairly normal and innocent:

[Screenshot: targeted attack XLS file]

This one seems to contain some sort of list of organizations:

[Screenshot: targeted attack XLS file]

A budget file.

[Screenshot: targeted attack XLS file]

How timely! FIFA World Cup 2010 match schedule.

[Screenshot: targeted attack XLS file]

The exploit in these files targets the Excel Pointer Offset Memory Corruption Vulnerability (CVE-2009-3129).

As you can see, such attack files can look like perfectly normal and credible document files.

The hashes of the files are: