VB Migration

Tag: excel

  • New article: Excel Formula/Macro in .xlsb?

    Excel Formula, or XLM – does it ever stop giving pain to researchers? So asks Forcepoint researcher Kurt Natvig. In a follow-up to his previous article on Excel Formula (XF) 4.0 malware, Kurt takes us through his analysis of a new sample using the .xlsb file format. Excel Formula/Macro in .xlsb? Read the paper (HTML)…

  • New article: Decompiling Excel Formula (XF) 4.0 malware

    Office malware has been around for a long time, but until recently Excel Formula (XF) 4.0 was not something researcher Kurt Natvig was very familiar with. In a new article Kurt allows us to learn with him as he takes a deeper look at XF 4.0. Decompiling Excel Formula (XF) 4.0 malware Read the paper…

  • VB2020 presentation: Evolution of Excel 4.0 macro weaponization

    The use by attackers of legitimate Excel 4.0 (XL4) macros as a simple and reliable method to gain a foothold on a target network is becoming increasingly popular and presents a significant challenge for organizations and defenders alike. For many organizations blacklisting isn’t a viable solution, and for defenders, building reliable signatures for this type…

  • Throwback Thursday: ‘In the Beginning was the Word…’

    Microsoft has recently introduced a new feature to Office 2016 : the ability to block macros,in an attempt to curb the spread of macro malware, which is once again on the rise . Macro viruses first appeared in 1995, at a time when there were over 100 times as many DOS viruses in existence as…

  • CVE-2012-0158 continues to be used in targeted attacks

    30-month old vulnerability still a popular way to infect systems. If all you have to worry about are zero-day vulnerabilities, you have got things pretty well sorted. Although it is true that sometimes zero-days are being used to deliver malware (such as the recent use of CVE-2014-4114 by the SandWorm group), in many cases even…

  • ‘Olympic’ emails contain malicious XLS attachments

    Malware writers sprint to use vulnerabilities before next Patch Tuesday. Security researchers have reported seeing emails containing XLS attachments designed to exploit a yet unpatched vulnerability in several versions of Microsoft ‘s Excel software. The attachment, which purports to contain information about this summer’s Olympic Games in Beijing, leaves a trojan on the user’s computer.…

  • Bumper Patch Tuesday short of one patch

    Excel remains vulnerable as expected fix is dropped. Microsoft has issued its monthly ‘Patch Tuesday’ set of security updates, with a larger than usual crop of patches for a variety of products, including several for the Office range and Internet Explorer browser. However, one significant patch – for a vulnerability in Excel – was withdrawn…