Spam campaign: exploited Excel files


Post by Spudz » Thu Jun 10, 2010 1:40 am

Spam campaign: exploited Excel files

We’ve been seeing an aggressive spam campaign (which we block) carrying malicious Excel (.xls) files, detected as Troj/DocDrop-Q, exploiting the vulnerability classified as CVE-2009-3129.

The Excel file attempts to decrypt, drop and run another executable file, which copies itself to <System>\googletoolbar32.exe and creates a registry entry called “Google Search Engine” to run itself automatically on reboot. We detect this exe as Mal/Koobface-G, and it’s very similar to other executables we’ve seen in spam recently.

Spam is likely to contain the word “treasury” in the sender’s address (which is faked). Examples include:

* “US Department of Treasury” <>
* Elizabeth Boucher <>
* Chang Avery <>

Continues at SophosLabs Blog
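A triage sketch for the traits described in the post above, added here as an example and not taken from the post or from SophosLabs: it flags mail whose sender contains "treasury" and that carries an Excel/OLE2 attachment, and matches autorun entries against the "Google Search Engine" / googletoolbar32.exe persistence. The function names, the `autoruns` input shape (value name mapped to command line, from whatever autorun export is available) and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # header of legacy OLE2 files (.xls, .doc, ...)

def triage_message(raw: bytes) -> dict:
    """Flag mail matching the post: 'treasury' in the sender plus an Excel/OLE2 attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    sender_hit = "treasury" in (display + " " + addr).lower()
    attachments = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        body = part.get_payload(decode=True) or b""
        # Match on extension or on content, so a renamed workbook is still caught.
        if name.endswith(".xls") or body.startswith(OLE2_MAGIC):
            attachments.append(name or "<unnamed>")
    return {"sender_hit": sender_hit, "attachments": attachments,
            "suspicious": sender_hit and bool(attachments)}

def autorun_hits(autoruns: dict) -> list:
    """Return names of autorun entries matching the persistence named in the post.
    `autoruns` maps value name -> command line (assumed input format)."""
    hits = []
    for name, cmd in autoruns.items():
        exe = cmd.lower().replace('"', "").split("\\")[-1]
        if name.strip().lower() == "google search engine" or exe.startswith("googletoolbar32.exe"):
            hits.append(name)
    return hits

def build_sample(sender: str, filename=None) -> bytes:
    """Constructed test message; addresses use the reserved .invalid TLD."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "user@example.invalid"
    m.set_content("Constructed sample body.")
    if filename:
        m.add_attachment(OLE2_MAGIC + b"\x00" * 16, maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    raw = build_sample('"US Department of Treasury" <mailer@example.invalid>', "report.xls")
    print(triage_message(raw))
    print(autorun_hits({"Google Search Engine": r"C:\Windows\System32\googletoolbar32.exe"}))
```

The OLE2 header check also matches other legacy Office formats, so a hit means "legacy Office container", not specifically a workbook.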

