“Computing old-timers who remember reassurances from the 1990s that viewers don’t execute malicious code need to make sure their basic protection knowledge is updated,” says David Harley, Director of Malware Intelligence, ESET. “Unlike some of the exploits we’ve seen recently, this one is remarkably flexible about the range of platforms and versions to which it delivers its payload, and recent viewers share the underlying vulnerability.”
The dangerous zero-day exploit takes advantage of a currently unpatched vulnerability in MS Excel, present in versions of Microsoft Excel 2000, 2002, 2003, 2007, the 2004/2008 versions for Mac, and even Excel Viewers. The payload is released immediately after the infected file is opened, creating a backdoor in the system, allowing the attacker to gain control over the workstation from a remote location.
“One of the features of targeted malware in particular is that the attacker goes to some trouble to make it look as if the email comes from a trusted source,” continues David Harley. “Although that means that most people will not be affected, a single person falling for one of these may have dangerous knock-on effects for many, inside and outside the targeted organisation - consider, for instance, how many people could be impacted adversely by the misfortunes of a global banking organization, or a major government department.”
Clearly, this is not a good time to be indiscriminately opening XLS files. Microsoft’s suggested workarounds include the use of their Microsoft Office Isolated Conversion Environment (MOICE), certainly when opening files from unknown or un-trusted sources. This should also afford some protection for users of Word and PowerPoint files in a number of attack scenarios, but MOICE can only be installed in Office 2003 or 2007.
###
About ESET
ESET develops software solutions that deliver comprehensive protection against evolving computer security threats. ESET pioneered and continues to lead the industry in proactive threat detection. ESET NOD32 Antivirus, its flagship product, consistently achieves the highest accolades in all types of comparative testing and is the foundational product that extends the ESET product line to include ESET Smart Security. Both products have an extremely efficient code base that avoids the unnecessary large footprint found in some solutions. This means faster scanning that doesn’t slow down computers or networks.
Sold in more than 110 countries, ESET has worldwide production headquarters in Bratislava, SK and worldwide distribution headquarters in San Diego, U.S. ESET also has offices in UK, Argentina and Czech Republic and is globally represented by an extensive partner network. For more information, visit www.eset.co.uk or call 0845 838 0832.
PR Contact:
Sara Claridge
Marylebone Media Relations
sara@marylebone.co.uk
+44 (0) 20 8133 5572
+44 (0) 7968 626838 (mobile)
- Contact Name:
- Sara Claridge
- Role:
- Director
- Company:
- Marylebone Media Relations
- Contact Email:
- click to reveal e-mail
- Contact Phone:
- 02081335572
- Company Website:
- http://www.marylebone.co.uk
Related press releases
- Highly-regulated industries benefit from easy-to-access, real-time management dashboards.
- GearZap welcomes Rivacase
- Berkshire-based company MarketingEmpire.co.uk pledges 1% of all future profits to local charities
- Aspiring Writers Flock to Featured 'App of the Week'
- NO PUBLICITY … NO FEE. UK Marketing Company Offering Guaranteed Marketing Results
Sign up here for our free, daily email newsletter to get all the latest stories, jobs, tips and more.
Got a story? Email Rachel McAthy or telephone +44 (0)1273 384290. You can also follow us on Twitter: @journalismnews / @rmcathy.
