Testing the new zero day vulnerability in Excel - PandaLabs(情報元のブックマーク数)


In PandaLabs, we have been analyzing this new “zero day" and have tested different xls files which are in-the-wild. These files contain the exploit named as Exploit:Win32/Evenex.gen by Microsoft.
The tests have been done with the Office 2007 Service Pack 1 on Windows XP Service Pack 2. The main aim of our analysis was to test the TruPrevent Technologies included in our products against this new 0 day. These Technologies are not signature-based and are able to detect the malicious behaviour of malware, in order to be proactive against unknown vulnerabilities.

Panda Security Mediacenter - All the info about your cybersecurity.


We can conclude from the tests we have done that a system without an antivirus installed gets compromised, as we expected. The exploit creates a file in the temporary file of the user that has run the xls file and the computer is compromised.
1. When the Excel file is run, the following file is created:
C:\Documents and Settings\<username>\Local Settings\temp\AdobeUpdater.exe
2. The file AdobeUpdate.exe creates the file:
C:\Documents and Settings\<username>\Local Settings\temp\AcroRD32.exe
3. AcroRD32.exe connects to the Internet.
4. The file AdobeUpdater.exe is deleted.
5. The system is compromised.

Panda Security Mediacenter - All the info about your cybersecurity.