Who's Online
4 visitors online now
0 guests, 4 bots, 0 members
Support my Sponsor

Archive for the ‘Application Security’ Category

Excel XLS attachment another one download various Trojans and password stealers especially banking credential stealers

The current method of malware delivery via email is fake invoices using Excel xls spreadsheets with an embedded malicious macros

Some examples from this week are shown at

They are also still continuing with macro embedded word docs as well. But they seem to be having a better success rate of infecting unwitting users with Excel because more excel users do have Macros enabled than word users do.

They use quite good social engineering tricks to entice the user to open the attachment as many users will be used to receiving XLS spreadsheets ( and word docs) by email from similarly named companies.

Please be aware of this method and warn your users. Those using older versions of office are more at risk, but of course the typical busy accounts clerk using office 2013 in a small or medium size business is quite likely to click on “enable macros” or “take me out of protected view” when they see a blank sheet, without thinking about it