Cyber Crooks Exploiting Excel’s Zero-Day Vulnerability
According to security firm Symantec, Microsoft's Excel spreadsheet program has a zero-day vulnerability that cyber criminals are abusing. A zero-day vulnerability is one that is still unpatched and is used by criminals to attack systems when it is exposed publicly.
The problem has reportedly affected Excel 2007 and similar versions of the program with Service Pack 1, but other versions of Excel have probably been affected as well.
The vulnerability, known as a 'Boundary Condition Error', may be successfully exploited when a user opens a malicious Excel file, according to researchers at Symantec. The hacker could then freely run malware on the user's system. The firm also states that this malware could inject a Trojan horse, "Trojan.Mdropper.AC", on the victim's PC.
The Trojan, which reportedly works on computers running the XP and Vista operating systems, can download other malware onto the PC. Symantec has rated the Trojan as a low-risk threat, and it is used in launching a targeted attack.
According to security experts, since Microsoft has put immense effort into making its Vista operating system more secure, hackers are increasingly hunting for vulnerabilities in its applications.
Users should be much more vigilant when opening any Excel file. They are advised not to open files whose sources are not trusted and reliable.
Symantec has advised using a firewall to block incoming connections from the Internet to services that should in no case be publicly available. Users should also implement a password policy. The possibility of cracking a password-protected file on a hacked computer diminishes to almost zero if the password is complex. This helps to prevent, or at least limit, the damage in case a PC gets compromised.
To block the automatic launching of executable files on removable and network drives, users should disable AutoPlay. Drives should also be disconnected when not in use. Likewise, if write access is not required, users should enable read-only mode (if available).
Researchers have also recommended that users configure their e-mail servers to remove or block e-mails containing file attachments that are commonly used to spread threats.
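The attachment filtering recommended above can be sketched as follows. This is an added example, not code from Symantec or Microsoft; the blocked-extension list, the file signatures and the sample message are assumptions constructed for illustration. It strips attachments by extension and also by leading bytes, so a renamed executable is still caught.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy, not taken from the article: what the gateway refuses.
BLOCKED_EXT = {".exe", ".scr", ".pif", ".bat", ".xls"}
MAGIC = {
    b"MZ": "Windows executable",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "OLE2 file (legacy Office format)",
}

def classify(part):
    """Return the reason an attachment is refused, or None to let it pass."""
    name = (part.get_filename() or "").lower()
    ext = "." + name.rsplit(".", 1)[1] if "." in name else ""
    if ext in BLOCKED_EXT:
        return f"blocked extension {ext}"
    data = part.get_payload(decode=True) or b""
    for sig, label in MAGIC.items():  # content check catches renamed files
        if data.startswith(sig):
            return f"content is a {label}"
    return None

def filter_message(raw):
    """Strip refused attachments; return (message, [(filename, reason)])."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []
    for part in list(msg.iter_attachments()):
        reason = classify(part)
        if reason:
            removed.append((part.get_filename(), reason))
            msg.get_payload().remove(part)  # drop the part from the MIME tree
    return msg, removed

def build_sample():
    """Constructed test message: two refused attachments, one harmless."""
    m = EmailMessage()
    m["Subject"] = "Q1 figures"
    m.set_content("See attached.")
    ole = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 16
    m.add_attachment(ole, maintype="application", subtype="vnd.ms-excel", filename="q1.xls")
    m.add_attachment(b"MZ\x90\x00", maintype="application", subtype="pdf", filename="invoice.pdf")
    m.add_attachment("meeting notes\n", filename="notes.txt")
    return m.as_bytes()

if __name__ == "__main__":
    cleaned, removed = filter_message(build_sample())
    for name, reason in removed:
        print(f"removed {name}: {reason}")
```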
» SPAMfighter News - 02-03-2009