NEWS FROM THE LAB - Thursday, June 24, 2010

 
Targeted Attacks with Excel Files
Posted by Mikko @ 10:56 GMT

We've previously shown screenshots of document files used in targeted espionage attacks. Most often, those have been PDF files, as they are the most commonly used filetype in such attacks.

But here's a fresh set of attacks done with XLS files instead.

This is some sort of personnel list. Like the other examples here, it drops and runs a backdoor when viewed.

[Screenshot: targeted attack XLS file]

An apparent agenda. Looks fairly normal and innocent:

[Screenshot: targeted attack XLS file]

This one seems to contain some sort of a list of organizations:

[Screenshot: targeted attack XLS file]

A budget file.

[Screenshot: targeted attack XLS file]

How timely! FIFA World Cup 2010 match schedule.

[Screenshot: targeted attack XLS file]

The exploit in these files targets the Excel Pointer Offset Memory Corruption Vulnerability (CVE-2009-3129).

As you can see, such attack files can look like perfectly normal and credible document files.

The hashes of the files are: