October 23, 2018

Incident Report: Excel Macro Puzzle Attack.

Creative Hackers

Perception Point Incident Response Team

Most attacks tend to be “plain vanilla” – a phishing link, a fake website, a malicious executable and so on. But sometimes attackers can be particularly creative in the design of their technique. Recently our platform exposed such an approach. We detected a malicious .xls file that at first glance looks quite innocent. The Excel file contains completely random characters spread across the work sheet. When the user tries to close the file he encounters an error causing the application to crash repeatedly. A deeper investigation shows there to be a malicious Macro code inside the Excel file that, when closing the file, takes all of the random letters and creates an executable malicious code that infects the host with a malicious code.



Basically if a user opens this file – he could easily believe it to be junk and immediately close it, and voila! the attacker is in. Thanks to our Recursive Unpacker’s deep scanning capability combined with our Dropper engine, which handles macros and scripts, our Advanced Email Protection caught this attack before it hit the user’s inbox. To learn more about our solution, CLICK HERE

Contact Us

Connect with our team to:
* Learn more
* Get a live demo
* Get a quote
* Set up a free 30 day trial

We will respond to your enquiry within 24 hours.

Link has been copied to your clipboard!