Targeted Attacks with Excel Files

We've previously shown screenshots of document files used in targeted espionage attacks. Most often, those have been PDF files, as they are the most commonly used filetype in such attacks.But here's a fresh set of attacks done with XLS files instead.This is some sort of personnel list. Like the other examples here, it drops and runs a backdoor when viewed.An apparent agenda. Looks fairly normal and innocent:This one seems to contain some sort of a list of organizations:A budget file.How timely! FIFA World Cup 2010 match schedule.The exploit in these files targets Excel Pointer Offset Memory Corruption Vulnerability CVE-2009-3129.As you can see, such attack files can look like perfectly normal and credible document files.The hashes of the files are:362d2011c222ae17f801e3c79e099ca797a3d097c686b5348084f5b4df8396ced076187337b7a5c74401770e2e7af8708f51b0e60d4d4764c480af5ec3a9ca190c1733b4add4e053ea58d6fb547c8759 On 24/06/10 At 10:56 AM