Slashdot Mirror


Microsoft Confirms Excel Zero-Day Attack

Guglio writes "Eweek has a story about a new, undocumented Excel flaw that is being used in a targeted attack against an unnamed business. The latest zero-day attack comes just two days after Patch Tuesday (coincidence?) and less than a month after a very similar, 'super, super targeted attack' against business interests overseas. The back-to-back zero-day attacks closely resemble each other and suggest that well-organized criminals are conducting corporate espionage using critical flaws purchased from underground hackers."

14 of 199 comments (clear)

  1. Hackers can't do it? by brian0918 · · Score: 4, Funny

    "...suggest that well-organized criminals are conducting corporate espionage using critical flaws purchased from underground hackers."

    Are you implying that hackers don't have the wherewithal to pull off corporate espionage? Can they do nothing more than crack the latest version of VirtuaGirl?

    1. Re:Hackers can't do it? by IthnkImParanoid · · Score: 5, Funny

      Can they do nothing more than crack the latest version of VirtuaGirl?

      They can do that? Do you know where I can find these guys? I need to, uh, confirm your statement. Solely for scientific purposes, you understand.

      --
      It's nothing but crumpled porno and Ayn Rand.
    2. Re:Hackers can't do it? by gowen · · Score: 5, Funny
      The idea that intellectuals can't be criminals is almost victorian

      Hey! I resent that!

      Love,
      Professor James Moriarty.
      --
      Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
  2. okN.xls? by gEvil+(beta) · · Score: 5, Funny

    The Trojan arrives as a Microsoft Excel file attachment to a spoofed e-mail with the following name: "okN.xls."

    Hmm, I guess I should rename my spreadsheet containing a list of Oklahoma natives.

    --
    This guy's the limit!
  3. Zero day?!? by ILikeRed · · Score: 5, Funny

    It should really be called the -28 day attack, or something along those lines, since they are coordinating it to fall shortly after Microsoft's retarded "we only fix security once a month" schedule.

    --
    I have come to a conclusion that one useless man is a shame, two is a law firm, and three or more is a congress -J Adams
  4. They got what they deserved... by HellYeahAutomaton · · Score: 5, Funny
    "Eweek has a story about a new, undocumented Excel flaw that is being used in a targeted attack against an unnamed business."

    You can't go running around with a business without a name! Focus groups people, focus...

  5. Re:It's part of Microsoft's plan by DragonWriter · · Score: 4, Funny
    If Criminal orgs are purchasing exploits, why doesn't Microsoft?
    <tinfoil>

    Because, through various cutouts to avoid it being traced back to them, it is Microsoft selling the exploits.

    I mean, come on, you ever know Microsoft to pass up such an obvious opportunity to leverage a monopoly in one field (say, Office suites) into a dominant market position in another field (say, exploits for Office suites.)
    </tinfoil>

  6. Unnamed business? by MarkByers · · Score: 4, Funny

    against an unnamed business

    I think they should be more worried that they are the victim of identity theft .

    --
    I'll probably be modded down for this...
  7. stupid by mapkinase · · Score: 4, Funny

    I do not believe that e-mail spamming attack against a single company can be that effective. Very low percentage of e-mail users, especially professionals, actually open the attachments in unsolicited e-mails.

    --
    I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.
  8. An Excel exploit? by fotoflojoe · · Score: 5, Funny

    Must be the work of terrorist cells...

    1. Re:An Excel exploit? by grassy_knoll · · Score: 5, Funny

      Would those terrorist cells be in the fifth column? ;)

  9. Re:unnamed business by dark-br · · Score: 4, Funny

    Yes... I do... Please refer to the attached xls spreadsheet for more info. ;)

  10. Re:Another reason to have an open file format by insanarchist · · Score: 4, Funny

    Thank god my grandma's already in the habit of validating xml content against schemas or she'd be SOL!

  11. Re:NOT TO FEAR! by 0xABADC0DA · · Score: 5, Funny

    Actually There's plenty of evidence for a natual cycle of security issues. In the past, millions of years ago, there were far more security issues than there are now. In fact, many scientists disagree over the cause of the recent increase of exploits, whether this is caused by man or whether it is just part of a natural downturn from the last Mini-Secure Age (which incidentally ended when the Irish potato fields were compromised).

    In any case to presume some kind of pattern from this last decade of operating systems is poor reasoning --the science just isn't in yet to show any long-term trends. Sure, the 7 of 10 most exploited operating systems have been released in the last decade, but that is not statitically relevant over the million year record of security issues. Certainly taking some kind of preventive action like using Safe Languages is just being alarmist as is all the liberal scaremongering that "all your base will be pwned" by the end of the century. Think of the economic impact of all those wasted cycles that could be better used doing manual memory management.

    Listen, the computer was here long before Windows, and they'll still be around after Windows is gone. We're overstating our importance to say that mere programmers can destroy the whole computer. Sure, it may be uninhabitable by our software but eventually random bit-flipping will reset the computer and a new OS will take over. It's evidence of the indisputable intelligent design of computers that they can recover from anything we could possible run on them.