Creative Hackers

Excel Macro Puzzle Attack.

Perception Point Incident Response Team
October 24, 2018

Most attacks tend to be “plain vanilla” – a phishing link, a fake website, a malicious executable and so on. But sometimes attackers can be particularly creative in the design of their technique. Recently our platform exposed such an approach.

We detected a malicious .xls file that at first glance looks quite innocent. The Excel file contains completely random characters spread across the worksheet. When the user tries to close the file, he encounters an error that causes the application to crash repeatedly. A deeper investigation shows that the Excel file contains malicious macro code that, when the file is closed, takes all of the random letters and assembles them into a malicious executable that infects the host.

Basically, if a user opens this file, he could easily believe it to be junk and immediately close it, and voila! The attacker is in. Thanks to our Recursive Unpacker’s deep scanning capability combined with our Dropper engine, which handles macros and scripts, our Advanced Email Protection caught this attack before it hit the user’s inbox.
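For triage of a workbook like the one described above, a reviewer can check whether a close-time macro both reads sheet cells and writes or runs a file. The following is an added example, not code from Perception Point's platform; it assumes the VBA source has already been extracted as text, and the function names, keyword lists and sample fragments are constructed for illustration.

```python
import re

# Subs that Excel runs automatically when the workbook is closed.
CLOSE_SUB = re.compile(
    r"^[ \t]*(?:Private[ \t]+|Public[ \t]+)?Sub[ \t]+(Workbook_BeforeClose|Auto_Close)\b"
    r"(.*?)^[ \t]*End[ \t]+Sub\b",
    re.I | re.M | re.S,
)

# Behaviour classes looked for inside a close handler (illustrative keyword lists).
INDICATORS = {
    "reads_cells": re.compile(r"\b(Cells|Range|UsedRange)\b", re.I),
    "writes_file": re.compile(
        r"\bFor[ \t]+(Binary|Output)\b|\b(SaveToFile|CreateTextFile)\b", re.I),
    "executes": re.compile(r"\b(Shell|ShellExecute)\b", re.I),
}

def triage_close_handlers(vba_source):
    """Return {handler_name: sorted indicator names} for each close-time Sub."""
    findings = {}
    for match in CLOSE_SUB.finditer(vba_source):
        name, body = match.group(1), match.group(2)
        body = re.sub(r"(?m)^[ \t]*'.*$", "", body)  # ignore full-line comments
        findings[name] = sorted(k for k, rx in INDICATORS.items() if rx.search(body))
    return findings

def is_suspicious(indicators):
    """True when sheet data is gathered at close time and then written out or run."""
    return "reads_cells" in indicators and (
        "writes_file" in indicators or "executes" in indicators)

# Constructed, non-functional fragments used only to exercise the check.
SAMPLE_SUSPECT = """
Private Sub Workbook_BeforeClose(Cancel As Boolean)
    buf = buf & Cells(r, c).Value
    Open outPath For Binary As #1
    Shell outPath
End Sub
"""
SAMPLE_BENIGN = """
Private Sub Workbook_BeforeClose(Cancel As Boolean)
    ' Shell is only mentioned in this comment
    ThisWorkbook.Save
End Sub
"""

if __name__ == "__main__":
    for label, src in (("suspect", SAMPLE_SUSPECT), ("benign", SAMPLE_BENIGN)):
        for handler, hits in triage_close_handlers(src).items():
            print(label, handler, hits, "SUSPICIOUS" if is_suspicious(hits) else "ok")
```

A close handler that only saves the workbook or reads a cell is not flagged; the combination of cell reads with a file write or process launch is what marks the handler for manual review.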
