Slashdot Mirror


Microsoft Confirms Excel Zero-Day Attack

Guglio writes "Eweek has a story about a new, undocumented Excel flaw that is being used in a targeted attack against an unnamed business. The latest zero-day attack comes just two days after Patch Tuesday (coincidence?) and less than a month after a very similar, 'super, super targeted attack' against business interests overseas. The back-to-back zero-day attacks closely resemble each other and suggest that well-organized criminals are conducting corporate espionage using critical flaws purchased from underground hackers."

27 of 199 comments

  1. Hackers can't do it? by brian0918 · · Score: 4, Funny

    "...suggest that well-organized criminals are conducting corporate espionage using critical flaws purchased from underground hackers."

    Are you implying that hackers don't have the wherewithal to pull off corporate espionage? Can they do nothing more than crack the latest version of VirtuaGirl?

    1. Re:Hackers can't do it? by SatanicPuppy · · Score: 4, Insightful

      Yea, nice way to jump to conclusions. The idea that intellectuals can't be criminals is almost Victorian. Or maybe they fell for the stereotype of the happy-go-lucky-non-malicious-but-intellectually-inquisitive hacker who could come up with an exploit, but never use it for EVIL.

      Zero-day exploits do tend to suggest someone with specific goals, who has the resources to sit and come up with zero day exploits, and the foresight to target deployment to achieve a goal. It's not behaviour that we stereotypically associate with hackers, but there is no reason it couldn't be one person (or ten or a hundred).

      --
      ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
    2. Re:Hackers can't do it? by IthnkImParanoid · · Score: 5, Funny

      Can they do nothing more than crack the latest version of VirtuaGirl?

      They can do that? Do you know where I can find these guys? I need to, uh, confirm your statement. Solely for scientific purposes, you understand.

      --
      It's nothing but crumpled porno and Ayn Rand.
    3. Re:Hackers can't do it? by gowen · · Score: 5, Funny
      The idea that intellectuals can't be criminals is almost Victorian

      Hey! I resent that!

      Love,
      Professor James Moriarty.
      --
      Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
  2. Why read the article? by Thunderstruck · · Score: 4, Insightful

    Well organized criminals conducting corporate espionage, complex software running international corporations, (hackers/crackers) slipping deviously bugged code into the works for their own nefarious purposes.

    I don't need to RTFA, I can just wait for the movie.

    --
    Trying to use sarcasm in text-based forums does not work.
    1. Re:Why read the article? by Solder+Fumes · · Score: 4, Informative

      You're waiting for Swordfish (2001)?

  3. okN.xls? by gEvil+(beta) · · Score: 5, Funny

    The Trojan arrives as a Microsoft Excel file attachment to a spoofed e-mail with the following name: "okN.xls."

    Hmm, I guess I should rename my spreadsheet containing a list of Oklahoma natives.

    --
    This guy's the limit!
  4. Zero day?!? by ILikeRed · · Score: 5, Funny

    It should really be called the -28 day attack, or something along those lines, since they are coordinating it to fall shortly after Microsoft's retarded "we only fix security once a month" schedule.

    --
    I have come to a conclusion that one useless man is a shame, two is a law firm, and three or more is a congress -J Adams
  5. NOT TO FEAR! by pcguru19 · · Score: 4, Insightful

    Just upgrade to Windows VISTA (when it's out) and Office 2007 (when it's out) and all of these silly security issues will go away....

    Oh wait, didn't they say that when they released Windows 98, Windows ME, Windows 2000, Windows XP, Windows 2003 Server, Office XP, & Office 2003? HMMMMMMM. This could be a pattern forming.

    --
    STFU & GBTW
    1. Re:NOT TO FEAR! by 0xABADC0DA · · Score: 5, Funny

      Actually, there's plenty of evidence for a natural cycle of security issues. In the past, millions of years ago, there were far more security issues than there are now. In fact, many scientists disagree over the cause of the recent increase of exploits, whether this is caused by man or whether it is just part of a natural downturn from the last Mini-Secure Age (which incidentally ended when the Irish potato fields were compromised).

      In any case to presume some kind of pattern from this last decade of operating systems is poor reasoning --the science just isn't in yet to show any long-term trends. Sure, the 7 of 10 most exploited operating systems have been released in the last decade, but that is not statistically relevant over the million year record of security issues. Certainly taking some kind of preventive action like using Safe Languages is just being alarmist as is all the liberal scaremongering that "all your base will be pwned" by the end of the century. Think of the economic impact of all those wasted cycles that could be better used doing manual memory management.

      Listen, the computer was here long before Windows, and they'll still be around after Windows is gone. We're overstating our importance to say that mere programmers can destroy the whole computer. Sure, it may be uninhabitable by our software but eventually random bit-flipping will reset the computer and a new OS will take over. It's evidence of the indisputable intelligent design of computers that they can recover from anything we could possibly run on them.

  6. They got what they deserved... by HellYeahAutomaton · · Score: 5, Funny
    "Eweek has a story about a new, undocumented Excel flaw that is being used in a targeted attack against an unnamed business."

    You can't go running around with a business without a name! Focus groups people, focus...

  7. It's part of Microsoft's plan by brian0918 · · Score: 4, Insightful

    "If Criminal orgs are purchasing exploits, why doesn't Microsoft? (it's not like they don't have the money!)"

    Microsoft lets these exploits run free to keep the cattle in line. They need to keep people upgrading and buying the latest versions of their products to keep the cash flowing. If they released a well-written, stable, secure piece of software, what reason would people have to upgrade?

    1. Re:It's part of Microsoft's plan by DragonWriter · · Score: 4, Funny
      If Criminal orgs are purchasing exploits, why doesn't Microsoft?
      <tinfoil>

      Because, through various cutouts to avoid it being traced back to them, it is Microsoft selling the exploits.

      I mean, come on, you ever know Microsoft to pass up such an obvious opportunity to leverage a monopoly in one field (say, Office suites) into a dominant market position in another field (say, exploits for Office suites.)
      </tinfoil>

  8. news? by bcrowell · · Score: 4, Interesting

    Why is this news? If users are willing to click on an attachment from someone they don't know, then of course they're extremely vulnerable. Of course, the problem is made worse by the fact that MS makes it so difficult not to run with administrator privileges. If this is really targeted at a particular business, then the solution seems pretty simple: that business tells all their employees not to click on attachments from people they don't know, and whips up some software to filter out this stuff before it even gets to their users. If they're big enough to be an attractive target for extortion, they're presumably big enough to have an IT staff competent to take care of those simple steps.

    1. Re:news? by Anonymous Coward · · Score: 5, Insightful
      If users are willing to click on an attachment from someone they don't know, then of course they're extremely vulnerable.

      There is no reason why it should have to be that way. In other operating systems and offices, you can open documents to see what's in them without handing over control of the OS to someone. Why should we accept a world in which unsolicited communication is banned? Why can't we allow businesses to expand by making contacts with new, previously unknown people?

      Of course, the problem is made worse by the fact that MS makes it so difficult not to run with administrator privileges.

      No, actually it is not. The most damaging things money wise that can happen to your computer are all available as the user, because if the data is important, the user obviously has to be able to read it. Trashing C:\Windows can always be fixed with a re-install. Uploading outlook.pst and *.xls to some site in Hong Kong can never be undone.

      If this is really targeted at a particular business, then the solution seems pretty simple: that business tells all their employees not to click on attachments from people they don't know, and whips up some software to filter out this stuff before it even gets to their users. If they're big enough to be an attractive target for extortion, they're presumably big enough to have an IT staff competent to take care of those simple steps.

      No, that is not the solution. Having to spend more on IT is the PROBLEM THIS BUG CREATED, not the solution.

      Like many computer users, Windows or Linux or Mac, you have internalized your work-arounds and broken-system survival strategies to the point that you actually think that's the way things are supposed to work.

  9. Not a popularity problem by ILikeRed · · Score: 4, Insightful

    It is not a popularity problem - it's a "our marketing and sales departments delegate everything to our engineering and security departments" problem.

    --
    I have come to a conclusion that one useless man is a shame, two is a law firm, and three or more is a congress -J Adams
  10. News? by MarkByers · · Score: 4, Insightful

    Everyone knows that you should not open attachments. Word is likely full of 1000s of exploitable holes. Excel too. Plus any other complex program.

    Yes, OpenOffice will be full of holes as well.

    Not news.

    As for attacking just after the patch cycle, it's unlikely to mean anything. If I wanted to take advantage of a vulnerability for as long as possible, I would attack two or three days before the patch cycle. That will give people a couple of days to work out what happened and report the issue to Microsoft. After some initial analysis and prioritisation, a developer will be assigned to fix it. By that time it will have missed the boat for this month's patch day. Not that I would do this though. :)

    --
    I'll probably be modded down for this...
  11. Presumably they could but... by sterno · · Score: 4, Insightful

    The thing is, to be a good hacker, you kinda have to spend a lot of time and energy on hacking. At the end of the day, it's probably easier and equally lucrative to just sell your exploits to other people rather than using them yourself. It's also a much safer route legally speaking because you aren't directly involved in the criminal act, you're just selling the tools.

    --
    This sig has been temporarily disconnected or is no longer in service
  12. Patches Available by GogglesPisano · · Score: 4, Informative

    Patches for this problem available here, here and here.

  13. Unnamed business? by MarkByers · · Score: 4, Funny

    against an unnamed business

    I think they should be more worried that they are the victim of identity theft.

    --
    I'll probably be modded down for this...
  14. stupid by mapkinase · · Score: 4, Funny

    I do not believe that an e-mail spamming attack against a single company can be that effective. A very low percentage of e-mail users, especially professionals, actually open the attachments in unsolicited e-mails.

    --
    I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.
  15. An Excel exploit? by fotoflojoe · · Score: 5, Funny

    Must be the work of terrorist cells...

    1. Re:An Excel exploit? by grassy_knoll · · Score: 5, Funny

      Would those terrorist cells be in the fifth column? ;)

  16. Another reason to have an open file format by Bert64 · · Score: 4, Interesting

    With an open file format such as OpenDocument, it would be much harder to hide malicious code and/or exploits in a document...

    You could easily parse the file at your gateway, and validate the xml content against the published schema (rejecting it if it fails), although this wouldn't be foolproof (an exploit could still exist within well formed xml, but is less likely) it would cut out a significant portion of vulnerabilities.

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!
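
An added example, not part of the comment above: a gateway-side structural gate for OpenDocument spreadsheets of the kind the comment describes. It covers the package and well-formedness checks that would run before full validation against the published schema, which needs a schema validator and the schema file; the function names and the size limit are assumptions made for the sketch.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

OFFICE_NS = "urn:oasis:names:tc:opendocument:xmlns:office:1.0"
ODS_MIME = b"application/vnd.oasis.opendocument.spreadsheet"
MAX_XML_BYTES = 5 * 1024 * 1024  # assumed gateway limit, not from the thread


def check_ods(data):
    """Return (accepted, reason) for the raw bytes of a candidate .ods file."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            entries = zf.infolist()
            # ODF packaging: "mimetype" is the first entry and is stored as-is.
            if not entries or entries[0].filename != "mimetype":
                return False, "mimetype is not the first entry"
            if entries[0].compress_type != zipfile.ZIP_STORED:
                return False, "mimetype entry is compressed"
            if zf.read(entries[0]) != ODS_MIME:
                return False, "unexpected mimetype"
            if "content.xml" not in zf.namelist():
                return False, "content.xml missing"
            info = zf.getinfo("content.xml")
            if info.file_size > MAX_XML_BYTES:
                return False, "content.xml too large"
            xml = zf.read(info)
    except zipfile.BadZipFile:
        return False, "not a valid zip package"
    # Refuse DTDs and entity declarations (byte match assumes UTF-8 content).
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        return False, "DTD or entity declaration present"
    try:
        root = ET.fromstring(xml)
    except ET.ParseError:
        return False, "content.xml is not well-formed"
    if root.tag != "{%s}document-content" % OFFICE_NS:
        return False, "unexpected root element"
    return True, "ok"


def build_sample(content, mimetype=ODS_MIME):
    """Build a constructed sample package in memory for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(zipfile.ZipInfo("mimetype"), mimetype)  # ZipInfo => stored
        zf.writestr("content.xml", content)
    return buf.getvalue()
```

As the comment itself notes, a file that passes can still carry an exploit in well-formed content; the gate only removes the malformed-container cases.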
    1. Re:Another reason to have an open file format by insanarchist · · Score: 4, Funny

      Thank god my grandma's already in the habit of validating xml content against schemas or she'd be SOL!

  17. Just in time by Opportunist · · Score: 4, Insightful

    Anyone here thinking it's a coincidence that the exploit goes live JUST after "patch day"?

    I don't want to call the responsible people at MS retards, who thought that patching at one very predetermined day every month is a good idea, but my English is not good enough to come up with a better name for this kind of idea.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  18. Re:unnamed business by dark-br · · Score: 4, Funny

    Yes... I do... Please refer to the attached xls spreadsheet for more info. ;)