Trojan circulating in unpatched Excel documents

A vulnerability in Excel, which has been known publicly since January, has been exploited by a so-far small scale attack.

Several security companies have published a warning against the Trojan that is circulating via email.

So far eight different file names have been detected for the exploit, including OLYMPIC.XLS and SCHEDULE.XLS.

Most anti-virus should be able to handle the problem. Microsoft issued a patch for the vulnerability on the 11th of March and urges users’ to install it immediately.

US-Cert advises users to be wary of unsolicited attachments, even from people you know. Many viruses can “spoof” the return address, making it look like the message came from someone else.

Users are also advised to save and scan any attachments before opening them, and also ensure all anti-virus software is up to date.

Turning off the option to automatically download attachments is also recommended – if set up by default, email users are recommended to switch this off.

Story link: Trojan circulating in unpatched Excel documents