Excel spreadsheet users are the target of new cyber threat

27 Feb 2009

A new malicious malware programme that exploits an unpatched vulnerability in some versions of Microsoft Excel is doing the rounds, putting workers around the world at enormous risk.

Security software company ESET has catalogued a new malware named X97M/TrojanDropper.Agent.NAI.trojan.

It contains a dangerous payload attacking versions MS Excel 2000, 2002, 2003, 2007, 2004/2008, version for Mac, Excel Viewer/Excel Viewer 2003.

The payload is released immediately after the infected file is opened, creating a backdoor in the system (backdoor Win32/Agent.NVV).

The backdoor allows the cyber-criminals to gain control over the workstation from a remote location.

According to Juraj Malcho, ESET’s head of Virus Lab, Excel users should refrain from opening suspicious .xls files or files received from unknown senders.

“The threat takes advantage of the so-called zero-day exploitability,” Malcho said.

“Typically, similar vulnerability gaps are discovered only once they become targeted – thus affecting all users of the particular software, in this case Excel,” Malcho warned.

By John Kennedy