Malware writers sprint to use vulnerabilities before next Patch Tuesday.
Security researchers have reported seeing emails containing XLS attachments designed to exploit a yet unpatched vulnerability in several versions of
Microsoft
‘s
Excel
software.
The attachment, which purports to contain information about this summer’s Olympic Games in Beijing, leaves a trojan on the user’s computer. After opening a backdoor, the trojan also drops a non-malicious
Excel
file, tricking the user into believing that the attachment is genuine and harmless.
The vulnerability that is being used was
first reported
in the wild in January, but a patch
was withdrawn
at the last moment from
Microsoft
‘s February release of patches, thus giving malware writers until tomorrow’s Patch Tuesday to exploit the flaw.
Virus Bulletin
advises users to be wary of opening unsolicited emails and to treat file attachments with extreme caution. More can be found at
Trend Micro
here
, with details on the vulnerability at
Microsoft
Security Advisory
here
.
Posted on 10 March 2008 by
Virus Bulletin
Leave a Reply