A new flaw has been detected in Microsoft Excel that exploits an unpatched vulnerability.
ESET has identified the malicious program as the X97M/TrojanDropper.Agent.NAI Trojan that contains a dangerous payload that attacks versions of Excel. After the infected file is opened, a backdoor is created in the system that allows the authors to gain control over the workstation from a remote location.
According to ESET´s head of virus lab Juraj Malcho, Excel users should refrain from opening suspicious .xls files or files received from unknown senders. When it comes to the scope of the infiltration, the overall number of infected computers thus far remains low and the attacks seem to be targeted, rather than aiming to achieve a massive scale spread.
David Harley, director of malware intelligence at ESET, said: “Unlike some of the exploits we've seen recently, this one is remarkably flexible about the range of platforms and versions to which it delivers its payload. According to Microsoft's advisory, the vulnerability affects Windows versions as far back as Microsoft Office 2000, and also affects Office 2004 and 2008 for Mac.
“Our lab guys also tell us that the exploit also affects Excel viewers. So if you remember those reassurances from the 1990s that you were safe using viewers to read MSOffice documents because they didn't execute macros, I'm afraid that it no longer applies, because we're not looking at malicious macros here.”
He also claimed that this is a targeted attack, though it will not affect many people directly at the moment. There has been no patch issued by Microsoft, though Harley said that he'd ‘be surprised if there isn't one sooner rather than later'.
Patrick Fitzgerald of Symantec said that the shellcode in analysed samples show that it drops two files – with the second a valid Excel document that is opened to mask the fact that Excel crashes when the Trojan is executed.