We received a report of a Swedish company that was just subjected to a targeted attack. The company employs approximately a dozen of high-ranking executives. Almost all of those executives received an email message with an attached executable file named "Likviditetsrapport december prel.xls .exe". (This translates to "Analysis of the current acquisition market.xls .exe".) The file's icon looked like that for an Excel document.
The targeted company employs has approximately 6,000 users; however, no one besides the dozen executives seems to have received these messages.
According to the VirusTotal scan, only two vendors consider the file malicious, tagging it as a dropper.
Lenny teaches a SANS course on analyzing malware.
Jan 9th 2009
1 decade ago