Excel Spreadsheets Being Used in Exploiting Flash Vulnerability
Although a critical vulnerability in Flash, which had been installing malware in computers since
July 2009, was recently patched by security experts, cyber criminals have discovered a new vector
to exploit it again. The new vector includes insertion of malicious SWFs in Microsoft Excel
The sample file comes as an empty Excel spreadsheet but two Flash objects are cleverly hidden in
one of the cells. As per the security company, the two Flash objects are nothing but trojans
named 'Troj/SWFExp-N' and 'Troj/SWFExp-M' with same functionalities as were found in the PDF
In the latter half of July 2009, security experts warned Adobe Flash Player users about a
vulnerability that had been exploited wildly by hackers with the help of malicious SWF files.
Besides, drive-by download assaults using SWF files, it was proved that Acrobat and Adobe Reader
were vulnerable because they had the ability to insert Flash stream in PDF files.
Adobe released an update to fix this vulnerability towards the end of July 2009, for its AIR,
Flash Player, Acrobat and Reader products. However, both cyber criminals and security industry
are very well aware of the fact that several corporate and individuals don't patch regularly.
On such occasions, antivirus products appear as the only way of security and majority of these
have additional detection for malicious PDF and SWF files. Though, security researchers at
security firm Sophos have warned that to fight antivirus protection, cybercriminals have started
using Excel files that also facilitate embedded Flash.
The researchers further explained that it was just sometime before the antivirus products held up
and began blocking the suspicious PDFs; consequently, the entire game has now shifted onto
discovering compound files able to embed and invoke Flash objects. OLE2 Compound Document Format
of Microsoft well suits this and so it is being severely exploited, reported softpedia.com on
August 5, 2009.
Peter Szabo, Senior Researcher, SophosLabs Australia, warns that this recent attack will most
probably be tailored to include Word documents and PowerPoint as well, as per the news published
by Softpedia.com on August 5, 2009. So, he strongly urged all users to upgrade Flash Player's
Related article: Excel Displays Three Holes
» SPAMfighter News - 21-08-2009