Microsoft Confirms Excel Zero-Day Attack
Guglio writes "Eweek has a story about a new, undocumented Excel flaw that is being used in a targeted attack against an unnamed business. The latest zero-day attack comes just two days after Patch Tuesday (coincidence?) and less than a month after a very similar, 'super, super targeted attack' against business interests overseas. The back-to-back zero-day attacks closely resemble each other and suggest that well-organized criminals are conducting corporate espionage using critical flaws purchased from underground hackers."
"...suggest that well-organized criminals are conducting corporate espionage using critical flaws purchased from underground hackers."
Are you implying that hackers don't have the wherewithal to pull off corporate espionage? Can they do nothing more than crack the latest version of VirtuaGirl?
The Trojan arrives as a Microsoft Excel file attachment to a spoofed e-mail with the following name: "okN.xls."
Hmm, I guess I should rename my spreadsheet containing a list of Oklahoma natives.
This guy's the limit!
It should really be called the -28 day attack, or something along those lines, since they are coordinating it to fall shortly after Microsoft's retarded "we only fix security once a month" schedule.
I have come to a conclusion that one useless man is a shame, two is a law firm, and three or more is a congress -J Adams
Think about it. It's a company that relies upon Excel. That means it's full of PHBs who keep using Excel to do everything from track projects to design reports.
It's your employer. Yep. That's right. I checked your IP address, I see who you're working for. Your employer works exactly as I describe.
You can't go running around with a business without a name! Focus groups people, focus...
Because, through various cutouts to avoid it being traced back to them, it is Microsoft selling the exploits.
I mean, come on, you ever know Microsoft to pass up such an obvious opportunity to leverage a monopoly in one field (say, Office suites) into a dominant market position in another field (say, exploits for Office suites.)
</tinfoil>
against an unnamed business
I think they should be more worried that they are the victim of identity theft .
I'll probably be modded down for this...
I do not believe that e-mail spamming attack against a single company can be that effective. Very low percentage of e-mail users, especially professionals, actually open the attachments in unsolicited e-mails.
I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.
Must be the work of terrorist cells...
Yes... I do... Please refer to the attached xls spreadsheet for more info. ;)
I'm sure you'll be needing them.
Thank god my grandma's already in the habit of validating xml content against schemas or she'd be SOL!
Actually There's plenty of evidence for a natual cycle of security issues. In the past, millions of years ago, there were far more security issues than there are now. In fact, many scientists disagree over the cause of the recent increase of exploits, whether this is caused by man or whether it is just part of a natural downturn from the last Mini-Secure Age (which incidentally ended when the Irish potato fields were compromised).
In any case to presume some kind of pattern from this last decade of operating systems is poor reasoning --the science just isn't in yet to show any long-term trends. Sure, the 7 of 10 most exploited operating systems have been released in the last decade, but that is not statitically relevant over the million year record of security issues. Certainly taking some kind of preventive action like using Safe Languages is just being alarmist as is all the liberal scaremongering that "all your base will be pwned" by the end of the century. Think of the economic impact of all those wasted cycles that could be better used doing manual memory management.
Listen, the computer was here long before Windows, and they'll still be around after Windows is gone. We're overstating our importance to say that mere programmers can destroy the whole computer. Sure, it may be uninhabitable by our software but eventually random bit-flipping will reset the computer and a new OS will take over. It's evidence of the indisputable intelligent design of computers that they can recover from anything we could possible run on them.