Do you have pop-ups or your computer infected with trojan or spyware ? Learn how to ask us for help, click here!

Found new vulnerability in Microsoft Excel

ISC and Microsoft reported about new vulnerability in Microsoft Excel. Also found exploit using the vulnerability for install malware.

Now Symantec can to detect this attack.

Trojan.Mdropper.J is a Trojan horse that drops Downloader.Booli.A on the compromised computer. It exploits an undocumented vulnerability in Microsoft Excel.

The Symantec website also reports … Downloader.Booli.A may arrive on the compromised computer, dropped by Trojan.Mdropper.J, with the following name: %System%\svc.exe

Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

When Downloader.Booli.A is executed, it performs the following actions:

  • Attempts to run Internet Explorer and inject its code into Internet Explorer to potentially bypass firewalls.
  • Attempts to download a file from the following location: [http://]210.6.90.153:7890/svcho[REMOVED]
  • Saves the file as the following and if the download was successful, executes the file: c:\temp.exe
  • Creates an empty file before exiting: c:\bool.ini

Now we recommend use the same defenses as for lastest Microsoft Word vulnerability: How to block Microsoft Word vulnerability, recommended defenses.

Share and Enjoy:

  • Print
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google Bookmarks
  • Slashdot
  • Twitter
June 16, 2006 on 8:49 am | In Exploits & Vulnerabilities | No Comments |


No Comments yet »

RSS feed for comments on this post. TrackBack URI

Leave a comment

XHTML: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>


My Anti Spyware - Free antispyware programs and Spyware Removal Instructions.