Beijing Olympics Helping Scammers to Spread Malware
Security experts at Trend Micro, a software security providing company, said that malevolent XLS attachment that claims to contain valuable information about Beijing Olympics 2008 plants a Trojan on respondent's computer.
It is said that XLS files are intentionally designed to exploit the existing loopholes in the Microsoft Excels by wildly sending e-mails with attachments. The attachments received in two formats, SCHEDULE.XLS or OLYMPICS.XLS, which are capable of successfully implementing and dropping executables of Windows binary.
The researcher at Trend Micro have warned users that Trojan makes a backdoor entry and leaves an uncorrupted Excel file, deceiving users to trust the file as completely safe and genuine.
Besides, SCHEDULE.XLS or OLYMPIC.XLS uses the same format for exploitable templates, which permit malware authors to modify the exploit for performing other activities.
Furthermore, malware writers do not want to miss any opportunity of exploiting the loopholes in Microsoft Excel because Microsoft is going to release the patch in coming days. Actually, the Microsoft Excel vulnerabilities were reported in January 2008 and the company was ready to release the patch in February 2008 but it was withdrawn. Consequently, malware authors got more time to exploit the loopholes.
Investigation by Microsoft in January 2008 found the flaw in various versions of MS Excel, including Microsoft Excel 2004 meant for Mac, Microsoft Office Excel 2003 Service Pack 2, Microsoft Office Excel 2000, Microsoft Office Excel Viewer 2003, and Microsoft Office Excel 2002.
Additionally, more and more scammers are being lured to make use of combination of e-mails and Excel file for exploiting flaws in Excel. Growing usage of Excel files in business is also attributing for rising attacks with Excel files. In related news, Websense Security Labs, an Internet security provider, found a zero-day flaw in Microsoft Office Excel, rated as high risk flaw. However, Microsoft fixed the vulnerability on March 11, 2008.
Hence, experts at Trend Micro have recommended computer users to be careful while opening illegitimate e-mails and are cautious against files attached with them. They also advised users to keep their security software up-to-date.
Related article: Businesses Asked To Shoulder Security Of Online Transactions
» SPAMfighter News - 18-03-2008