Cybercriminals are actively taking advantage of another vulnerability, this time in Microsoft Office Excel. This is the third threat in less than two weeks to feature exploits. Exploit code for IE7 and PDF bugs was discovered last week and earlier this week, respectively.
Microsoft acknowledges the Excel vulnerability in a recent bulletin. The software giant says that it is now investigating the case.
A malicious binary detected by Trend Micro as TROJ_MDROPPER.XR has been found exploiting this Excel bug in the wild. The Trojan arrives on systems as a specially crafted Excel file, through spammed messages or via remote malicious websites. Its routines are triggered when the file is opened by unsuspecting users.
TROJ_MDROPPER.XR drops and executes BKDR_AGENT.FAX, which in turn executes at every system startup. The backdoor connects to websites to send and receive information. It also gives cybercriminals almost the same user rights as the infected local user by opening a random port and enabling a remote user to execute the following commands:
- delete files
- download files from a specified remote site
- execute a specified file/program
- kill process
- list drives
- list files in the system
- open command shell
- sleep for a specified amount of time
- upload files to a specified remote site
The Trend Micro Smart Protection Network already prevents TROJ_MDROPPER.XR and BKDR_AGENT.FAX from running on systems. It also provides solutions for the removal of this malware. The malicious websites are also already blocked.