Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Confirms Excel Zero-Day Attack

Posted by ryuzaki0 on from the 0day-warez-is-fun-to-say-though dept.

Guglio writes "Eweek has a story about a new, undocumented Excel flaw that is being used in a targeted attack against an unnamed business. The latest zero-day attack comes just two days after Patch Tuesday (coincidence?) and less than a month after a very similar, 'super, super targeted attack' against business interests overseas. The back-to-back zero-day attacks closely resemble each other and suggest that well-organized criminals are conducting corporate espionage using critical flaws purchased from underground hackers."

9 of 199 comments (clear)

  1. okN.xls? by gEvil+(beta) · · Score: 5, Funny

    The Trojan arrives as a Microsoft Excel file attachment to a spoofed e-mail with the following name: "okN.xls."

    Hmm, I guess I should rename my spreadsheet containing a list of Oklahoma natives.

    --
    This guy's the limit!
  2. Zero day?!? by ILikeRed · · Score: 5, Funny

    It should really be called the -28 day attack, or something along those lines, since they are coordinating it to fall shortly after Microsoft's retarded "we only fix security once a month" schedule.

    --
    I have come to a conclusion that one useless man is a shame, two is a law firm, and three or more is a congress -J Adams
  3. They got what they deserved... by HellYeahAutomaton · · Score: 5, Funny
    "Eweek has a story about a new, undocumented Excel flaw that is being used in a targeted attack against an unnamed business."

    You can't go running around with a business without a name! Focus groups people, focus...

  4. Re:Hackers can't do it? by IthnkImParanoid · · Score: 5, Funny

    Can they do nothing more than crack the latest version of VirtuaGirl?

    They can do that? Do you know where I can find these guys? I need to, uh, confirm your statement. Solely for scientific purposes, you understand.

    --
    It's nothing but crumpled porno and Ayn Rand.
  5. An Excel exploit? by fotoflojoe · · Score: 5, Funny

    Must be the work of terrorist cells...

    1. Re:An Excel exploit? by grassy_knoll · · Score: 5, Funny

      Would those terrorist cells be in the fifth column? ;)

      --
      A Human Right
  6. Re:news? by Anonymous Coward · · Score: 5, Insightful
    If users are willing to click on an attachment from someone they don't know, then of course they're extremely vulnerable.

    There is no reason why it should have to be that way. In other operating systems and offices, you can open documents to see what's in them without handing over control of the OS to someone. Why should we accept a world in which unsolicited communication is banned ? Why can't we allows businesses to expand my making contacts with new, previously unknown people ?

    Of course, the problem is made worse by the fact that MS makes it so difficult not to run with administrator privileges.

    No, actually it is not. The most damaging things money wise that can happen to your computer are all available as the user, because if the data is important, the user obviously has to be able to read it. Trashing C:\Windows can always be fixed with a re-install. Uploading outlook.pst and *.xls to some site in Hong Kong can never be undone.

    If this is really targeted at a particular business, then the solution seems pretty simple: that business tells all their employees not to click on attachments from people they don't know, and whips up some software to filter out this stuff before it even gets to their users. If they're big enough to be an attractive target for extortion, they're presumably big enough to have an IT staff competent to take care of those simple steps.

    No, that is not the solution. Having to spend more on IT is the PROBLEM THIS BUG CREATED, not the solution.

    Like many computer users, windows or linux or mac, you have internalized your work-arounds and broken-system survival strategies to the point that you actually think that's the way things are supposed to work.

  7. Re:Hackers can't do it? by gowen · · Score: 5, Funny
    The idea that intellectuals can't be criminals is almost victorian

    Hey! I resent that!

    Love,
    Professor James Moriarty.
    --
    Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
  8. Re:NOT TO FEAR! by 0xABADC0DA · · Score: 5, Funny

    Actually There's plenty of evidence for a natual cycle of security issues. In the past, millions of years ago, there were far more security issues than there are now. In fact, many scientists disagree over the cause of the recent increase of exploits, whether this is caused by man or whether it is just part of a natural downturn from the last Mini-Secure Age (which incidentally ended when the Irish potato fields were compromised).

    In any case to presume some kind of pattern from this last decade of operating systems is poor reasoning --the science just isn't in yet to show any long-term trends. Sure, the 7 of 10 most exploited operating systems have been released in the last decade, but that is not statitically relevant over the million year record of security issues. Certainly taking some kind of preventive action like using Safe Languages is just being alarmist as is all the liberal scaremongering that "all your base will be pwned" by the end of the century. Think of the economic impact of all those wasted cycles that could be better used doing manual memory management.

    Listen, the computer was here long before Windows, and they'll still be around after Windows is gone. We're overstating our importance to say that mere programmers can destroy the whole computer. Sure, it may be uninhabitable by our software but eventually random bit-flipping will reset the computer and a new OS will take over. It's evidence of the indisputable intelligent design of computers that they can recover from anything we could possible run on them.